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Course Description 

e-business: Designing Integrated Solutions 

Duration: 4.5 days 

Purpose 

This course will enable the students to design e-business applications 
to meet specific business requirements, select patterns for designs 
from IBM Patterns for e-business, apply optional elements to the base 
designs, evaluate alternative approaches, advise on tools to 
implement the designs, and provide basic consulting on best practices 
in design and implementation of e-business applications. The scope of 
the course is for the design of distributed systems implementing 
e-business functions. 

Audience 


Persons responsible for the basic structure of e-business applications 
or infrastructure, such as architects, application designers, 
infrastructure implementors, lead programmers, security specialists, 
and business area managers. 

The audience can be divided into two groups, one based on 
understanding the why of technology choices and product placement, 
and one based on understanding the details of how the technologies 
and products work. 


Prerequisites 


• The part of the audience that needs to understand the why of 
technology choices and product placement must have: 

- General knowledge of the e-business marketplace 

- Conceptual knowledge of Web basics, such as: browsers, 
HTTP, HTML 

- Conceptual knowledge of legacy systems 

• The part of the audience that needs to understand how 
technologies and products work should have knowledge of 
e-business technologies and related IBM products. They can 
obtain these skills by completing the e-business: Technology 
Workshop (IN21). 
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• Preferably, the audience also has experience as designers or 
architects of a solution. 


Objectives 

After completing this course, you should be able to: 

• Identify the IBM Patterns for e-business by application area 

• Select the appropriate patterns for specific business scenarios 

• Evaluate alternative design elements by cost and benefit analysis 

• Evaluate alternative design elements by phase (development, 
deployment, operations) 

• Discuss tradeoff decisions in designs for various criteria 

• Critique other designs and identify strengths and weaknesses 

• Explain design consequences on the implementation tool choice 

• Explain design consequences on the development organization 

• Explain design consequences on deployment infrastructure 

• Explain design consequences on operations and skills 

• Select example products to implement a design 

• Discuss product decisions and consequences, in terms of skills, 
costs, and timelines 

• Evaluate alternative designs for security, comparing usage of 
dispatchers, proxies, and resource security 

• Discuss performance issues in specified design alternatives 


Contents 


Course Introduction 

Introduction to Patterns 

Methodology and Tools 

Building a Design using Assigned Patterns 

Selecting a Pattern Given Specific Business and IT Drivers 

Building a Design using Collaborative and Information Aggregation 

Patterns 

Creating a Design for Application Integration 
Creating a Design for Security and Performance 

Curriculum relationship 

• e-business: Technology Workshop 
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Agenda 

The following describes a tentative detailed schedule for the course. Each day runs from 
8:30 a.m. to 5:30 p.m. Each day includes a 1-hour lunch break usually starting around 
11:30 a.m. to 12:00 p.m., and two 15-minute breaks (one in the morning and one in the 
afternoon): 

Day 1 

Unit 1 - Course Introduction 
Exercise 1 

Unit 2 - Introduction to Patterns 
Unit 3 - Methodology and Tools 
LUNCH 

Unit 4 - Building a Design using Assigned Patterns 
Exercise 2 - Designs and presentations 

Day 2 

Exercise 2 - Design Evaluations and Review 

Unit 5 - Selecting a Pattern Given Specific Business and IT Drivers 

LUNCH 

Exercise 3 - Designs, Presentations and Evaluations 

Day 3 

Exercise 3 - Design Review 

Unit 6 - Building a Design using Collaborative and Information 
Aggregation Patterns 
Exercise 4 - Designs 
LUNCH 

Exercise 4 - Presentations, Evaluations and Review 

Day 4 

Unit 7 - Creating a Design for Application Integration 

Exercise 5 - Designs and Presentations 

LUNCH 

Exercise 5 - Evaluations and Review 

Unit 8 - Creating a Design for Security and Performance 

Day 5 

Exercise 6 - Designs, Presentations, Evaluations and Review 
Course Wrap up 
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Unitl. Course Introduction 

What This Unit Is About 

This unit gives a brief overview of the course agenda and describes 
the types of learning activities in which the student will participate 
during the course. The instructor and students have an opportunity to 
introduce themselves, and the instructor is able to determine the 
background of the students. In addition, an exercise providing a 
team-building opportunity is included in this section. 

What You Should Be Able to Do 

After completing this unit, you should be able to: 

• List the agenda for the course 

• Describe the activities that make up the course 

• Discuss the advantages of a standard notation in design 

• Build teamwork and strengthen teaming under stress 


How You Will Check Your Progress 

Accountability: 

• Team exercise 


References 


ISBN 1-931182-02-7 

Patterns for e-business: A Strategy for Reuse 

http://www- 106 .ibm.com/developerworks/patterns/ 

Patterns for e-business 
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Design with 
Patterns 


e-business 


Welcome to: 


e-business: Design Integrated Solutions 



Figure 1-1. Design with Patterns IN234.0 

Notes: 

Purpose: 

The purpose of this course is to develop the architecture and design skills required to apply 
the IBM Patterns for e-business to customer environments. Selecting appropriate patterns, 
choosing the specific products, understanding the tradeoffs between various solutions and 
developing designs for the customer are the activities performed by the students. 

Prerequisites: 

The e-business Technology Workshop (B3106/IN21) provides the student with the 
prerequisite knowledge of concepts, J2EE, WebSphere, connectors and security needed to 
successfully complete system designs. Students who already possess equivalent 
knowledge may enroll without completing the Workshop. 
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1.1 Course Introduction 


© Copyright IBM Corp. 1999, 2003 Unit 1. Course Introduction 1-3 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


Unit Objectives 


After completing this unit, you should be able to: 

•Describe the major sections of the course 
•Explain educational strategy for course 
•Describe the agenda 

•Explain prerequisite knowledge and course relationships in 
curriculum 


Figure 1-2. Unit Objectives IN234.0 

Notes: 
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Approach (1 of 2) 


•Immerse participants in realistic scenarios 
•Use IBM Intellectual Capital 
•Focus on several aspects of pattern design 
•Practice, Practice, Practice. 


Figure 1-3. Approach (1 of 2) IN234.0 

Notes: 

This is a practice course. Students are expected to go through exercises without having 
skills before they begin. After each exercise, students should notice an increase in their 
skills. At the conclusion of the course, students can expect to perform in a skilled manner. 

The realism of the scenarios is matched to the needs of the teaching points. Any departure 
of design inputs from what you might consider reasonable is to insure coverage of specific 
design points. 

Each exercise will focus on specific skills, and some aspects of total system design may be 
minimized or missing in each individual exercise. 
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Approach (2 of 2) 


•Teamwork - 3 to 5 persons per team 

•Engagements - Each exercise is a mini-engagement with 

deliverables 

•Lectures - Support exercises and are specific and limited 
•Discussions carry major learning points 
-Tradeoff decisions are of most interest 


Figure 1-4. Approach (2 of 2) IN234.0 

Notes: 

Participants divided into teams. Each exercise may have teams reassigned, depending on 
the skill mix in the class. Usually, teams will be 3-5 person teams, organized by mixed skill 
sets. All exercises are done by teams, so that learning will come from sharing team 
solutions and discussing alternatives. It is important to take advantage of participant 
knowledge and experience. 

Team work immerses participants in a typical engagement. Exercises expose design 
process and exploration of solutions. We will iterate through process more than once, 
incrementally expose more complex solution designs. 

Our basic method is Learn by doing. The lectures support the team exercises and do not 
stand alone. 
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Scenario Flow 


First Phase - introduction to exercise 

1. Review of case, specification of deliverables 

2. Read reference materials 

3. Create designs and deliverables 

4. Present and discuss designs, decisions 

Second Phase - Evaluations 

1. Rating of designs 

2. Rating of patterns 

3. Discussions 


Figure 1-5. Scenario Flow IN234.0 

Notes: 

After the lecture, we will introduce the business scenario and discuss the deliverables. 
Student teams will then organize themselves to accomplish the design activities and 
produce the deliverables. 

Once designs are final, teams will present them, quickly and efficiently, answering 
questions and discussing decisions. 

In the second phase, students return to the team work phase, filling in tables of ratings as 
needed to complete an exercise. These are then discussed. 
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Prerequisite Knowledge 


•Two kinds of learners 
-Concepts Down 
-Details Up 
•Two Courses 
-P3206 
-B3106 
•Sequenced 
-Most learners take 
B3106 first, then P3206 



P3206 


Figure 1-6. Prerequisite Knowledge IN234.0 

Notes: 

This course is dependent on the knowledge covered in the Technology Workshop. Although 
manuals and Redbooks are provided to help the student deal with the wide breadth of 
subjects and products involved in e-business, the lectures and exercises require specific 
information. 

Students generally can be placed into one of two adult learning styles. The Technology 
Workshop is designed for those who build up from the detailed to the broad concept level. 
This course is designed for those who drill down from the concept to the detail level. 
However, this course is limited in its objectives: 

• You are NOT going to: 

- Become an expert in designing solutions within five days. 

- Get answers to ALL questions on EVERY product and technical subject covered. 
(We will answer as many questions as we can.) 

• We will provide pointers (for example, URLs, Redbooks, Contact Persons, IBM 
Organizations) 

• Many items will be captured and dealt with as issues and hot buttons for discussion 
later 
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Agenda Overview 


Monday 

Tuesday 

Wednesday 

Thursday 

Fridav 

Introduction 

Design 

Review 

Design 

Review 

Integration 

Design 

Security and 
Performance 

Patterns 

Selecting 

Patterns 

Selecting 

Patterns 

Exercise 

Exercise 

Design 

Review 

Methodology 

Exercise 

Exercise 

Design 

Review 

Design 

Review 


Design and 
exercise 






Figure 1-7. Agenda Overview IN234.0 

Notes: 

There are five major exercises in the course. The second half of each day is typically used 
for the completion of the exercise, although this is not exact and the last exercise ends at 
midday Friday. 

Agendas may vary because of student interest and skills. 

Pattern for each scenario: 

Lecture»>Exercise»>Clinic»>Exercise»>Evaulate 
Exercises: Plan-Do-Reflect structure 
Learn by doing - team / project based 
Discussions are the primary learning methodology 
1 hour lunch, and two 15-minute breaks each day 
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Team Introduction 


•Prepare to Introduce team (5 minutes) 
-Place information on Transparency 
-Choose presenter 
•Present team (2 minutes) 


•(Name team !) 


Figure 1-8. Team Introduction IN234.0 

Notes: 

• Put introduction on foil (transparency) 

• Choose presenter 

• Presenter introduces team for 2 minutes 
Information regarding team members may include: 

• Name 

• Where from originally 

• City, State, Country 

• Relevant experience with e-business technology (for example, HTTP/HTML, Web 
Servers, Java, Web Application Servers, EJB/CORBA, Business Integration, Workflow, 
and so forth) products (for example, WebSphere, Domino, TXSeries, Tivoli, 

Secure Way, and so forth) 

• Expectations from the course 

• Hobbies 

• Any other little known facts or factoids. 
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The time limit is quite short in order to limit the presentation length. 
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PDR 


•Explicit plan for each exercise 
-Whiteboard/paper/plastic - every time 
•Define activities/Control time 
-Sequence 
-Limits 

-Roles (Timekeeper, Scribe, Artist, Leader) 
•DO - execute your plan 

•Reflect - 

-Answer questions about exercise 


Figure 1-9. PDR IN234.0 

Notes: 

Each scenario will be organized through the PDR process. 

• Plan 

- Read and understand PDR 

- Plan should be explicit (for example, on whiteboard/paper) - every time 

- Define activities 

- Organize: 

— sequence activities 

— define time limits 

— define roles: include Timekeeper, Scribe, Leader 

• Do 

- Do the activities according to the plan 

• Reflect 

- Answer questions about the exercise 

- Helps you retain lessons from exercise 
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One Building Bank 

•Prepare two flip charts to describe the design of a 
system for a single location bank. 

-Retail activities only 

•Post the two charts and walk around to examine other 
teams’ work, answer reflection questions. 

•Timeline: 

-20 minutes on charts 
-5 minutes walking around 


Figure 1-10. One Building Bank IN234.0 

Notes: 

• You need to communicate the design of a one location bank to other developers 
(architects, designers, programmers, and so forth): 

• Your design must be communicated in two flip charts, which should be self explanatory. 

• You can use whatever you want to communicate the design 

• Your design will be reviewed as is 

• You will NOT present your design 

• After you post your design, walk around the other teams' design and answer additional 
reflection questions 

This exercise is to practice the process, position your skills within the team, and allow you 
to begin to identify who does what and what is to be done. 


© Copyright IBM Corp. 1999, 2003 Unit 1. Course Introduction 1-13 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 






Student Notebook 


Unit Summary 


•Described the major sections of the course 
•Explained educational strategy for course 
•Described the agenda 

•Explained prerequisite knowledge and course relationships in 
curriculum 


Figure 1-11. Unit Summary IN234.0 

Notes: 
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Unit 2. Introduction to Patterns 

What This Unit Is About 

This unit describes the basics of design using patterns, introduces the 
student to the most common patterns used to develop Web-based 
applications, and identifies the business needs the pattern meets. 

What You Should Be Able to Do 

After completing this unit, you should be able to: 

• Describe the most common patterns that are used to develop 
Web-based applications 

• Differentiate between the types of patterns that are presented 

• Identify the type of pattern used to meet a set of customer business 
requirements 

• Describe some of the custom patterns 

• Identify how a custom pattern is used to meet a set of customer 
business requirements 

• Discuss limitations and risks of using custom patterns 


How You Will Check Your Progress 

Accountability: 

• Discussion 


References 


ISBN 1-931182-02-7 

Patterns for e-business: A Strategy for Reuse 

http://www- 106 .ibm.com/developerworks/patterns/ 

Patterns for e-business 
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Design with 
Patterns 


e-business 


Welcome to: 


Unit 2. Introduction to Patterns 



Figure 2-1. Unit 2. Introduction to Patterns IN234.0 

Notes: 


2-2 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 





Student Notebook 


2.1 Introduction to Patterns 
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Unit Objectives 


After completing this unit, you should be able to: 

•Describe the most common patterns that are used to develop 
Web-based applications 

•Differentiate between the types of patterns that are presented 

•Identify the type of pattern used to meet a set of customer 

business requirements 

•Describe some of the custom patterns 

•Identify how a custom pattern is used to meet a set of 

customer business requirements 

•Discuss limitations and risks of using custom patterns 


Figure 2-2. Unit Objectives IN234.0 

Notes: 
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e-business Solutions 



e-business solutions allow an organization to leverage 
Web technologies to reengineer business processes, 
enhance communications and lower organizational 
boundaries with their customers and shareholders 
(across the Internet), employees and stakeholders 
(across the corporate intranet), and its vendors, 
suppliers and partners (across its extranet). 


Figure 2-3. e-business Solutions IN234.0 

Notes: 

e-business solutions leverage Web technologies to reengineer business processes. This 
does not just mean setting up a Web site on the Internet. The same technologies can be 
applied to intranet applications and extranet applications. Increased customer self-service 
and integration with legacy systems presents new problems in terms of availability, 
capacity, security and system management. 
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Solution Development - Challenges 


•e-business solutions present unique challenges: 

-Higher degree of integration with backend systems within 
the enterprise and with systems outside the enterprise. 

-These solutions need to reach the market faster. This does 
not mean that we sacrifice quality but it means we have to 
come up with better ways to develop these solutions. 

-Service Level Agreements are critical. 

-Adapt to rapidly changing technologies and dramatically 
smaller product cycles. 

-An acute shortage of key skills that are needed to develop 
quality solutions. 


Figure 2-4. Solution Development - Challenges IN234.0 

Notes: 

One of the main challenges with e-business applications is the fast pace of evolution of the 
technologies and products which can be used to develop, deploy, and manage the 
applications. 
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Proposed Solution to These Challenges 


•Use proven approaches for building these solutions 

•Assemble solutions from fine-grained and coarse-grained 
components 

•Leverage the knowledge of your experts 

•A search for successful approaches often results in the 
identification of patterns 


Figure 2-5. Proposed Solution to These Challenges IN234.0 

Notes: 

A solution to the challenges of building e-business applications is to leverage successful 
approaches to similar problems that have been encountered in the past. Often the same 
approach is successful in a number of separate cases, and these approaches are identified 
as recurring patterns. 
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What Are Patterns? 


“Each pattern describes a problem that occurs over and over 
again in our environment and then describes the core of the 
solution to that problem in such a way that you can use this 
solution a million times over without ever doing it the same 
way twice.” 


- Dr. Christopher Alexander 
A Timeless way of building 


Figure 2-6. What are Patterns? IN234.0 

Notes: 

Patterns have been employed in software engineering for some time: 

• Architectural Patterns 

- “An architectural pattern expresses a fundamental structural organization schema 
for software systems. It provides a set of predefined subsystems, specifies their 
responsibilities, and includes rules and guidelines for organizing the relationship 
between them” - Patterns-Oriented Software Architecture - A System of Patterns, 
Frank Buschmann, et al. 

- “Patterns for e-business identifies Architectural Patterns in the e-business solution 
space” - Patterns for e-business: A Strategy for Reuse, Jonathan Adams, et al and 
the Web Site http://www.ibm.com/developerworks/patterns/ 

- Useful during high level design phase of a project 

• Design Patterns 


2-8 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 






Student Notebook 


- “A design pattern systematically names, motivates, and explains a general design 
that addresses a recurring design problem in objectoriented systems” - Design 
Patterns: Elements of Reusable Object Oriented Software, Erich Gamma, et al. 

- Useful during Detailed Design Phase of a Project 

- Patterns for e-business initiative documents these in the Redbooks in Design 
Guidance chapters. 

• Analysis Patterns 

- “An analysis pattern is a group of concepts that represent a common construction in 
business modeling. It may be relevant to only one problem domain, or it may span 
many domains” - Flower 97 

- Represents commonly occurring business domain construct such as party and 
organization. 

• Reference Architecture 

- “A reference architecture is an architecture which has already been created, for a 
particular domain of interest. It typically includes many different architectural styles, 
applied in different areas of its structure” - IBM ADS Glossary 

- Reference Architectures often defined for a repeating combination of architectural 
patterns. They are often documented using key work products from a particular 
methodology. 
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Patterns 


Patterns help address many of these challenges related to the 
solution development process. It is important to remember 
that patterns: 

-Are not new 

-Are not invented - they are observed and documented from 
extensive experience 
-Help shorten development cycles 
-Help leverage knowledge of experienced professionals 
-Help promote reuse of assets 


Figure 2-7. Patterns IN234.0 

Notes: 
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Patterns for e-business 


•Patterns for e-business: 

-Provide a simple and consistent way to translate business 
priorities and requirements into technical solutions 

-Assist and speed up the solution development process by 
facilitating the assembly of solution and minimizing custom 
one-of-a-kind implementations 
-Capture the knowledge and best practices used by experts 
and make it available for use by junior technologists 
-Facilitate the reuse of intellectual capital such as Reference 
Architectures, Frameworks and other assets 


Figure 2-8. Patterns for e-business IN234.0 

Notes: 

Patterns for e-business provide a simple way to translate business priorities and 
requirements into technical solutions. They do this by providing reusable assets that 
capture expert knowledge and best practises to facilitate assembly of a solution with 
minimal customization. 
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Patterns for e-business 


•We introduce five types of Patterns 

1 .Business Patterns 
2.Integration Patterns 
3.Composite Patterns 



Figure 2-9. Patterns for e-business IN234.0 

Notes: 

Business patterns 

Business patterns highlight the most commonly observed interactions between Users, 
Businesses, and Data. They are the fundamental building blocks of most e-business 
solutions, and describe the interaction between the participants in an e-business solution. 

Integration patterns 

Complex e-business applications can be built by combining multiple Business patterns 
together. This is accomplished by using Integration patterns as the "glue" between 
Business patterns. Integration patterns are differentiated from Business patterns in that 
they do not themselves automate specific business problems. Rather, they are used within 
Business patterns to support more advanced functions, or to make Composite patterns 
feasible by allowing the integration of two or more Business patterns. 

Composite patterns 

Composite patterns combine Business patterns and Integration patterns to create complex, 
advanced e-business applications. Of course, there are numerous potential combinations 
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of Business patterns and Integration patterns, but only a limited number of Composite 
patterns documented on this Web site. A solution design composed of these multiple 
building blocks is only considered a Composite pattern when it is recurrently employed to 
solve the problems of businesses across a wide range of industries. 

Logical patterns are a set of conceptual layouts composed of Application patterns and 
Runtime patterns. The following are logical patterns: 

• Application patterns - describe how the application logic and data are partitioned and 
how they interact. 

• Runtime patterns - uses nodes to group functional requirements. The nodes are 
interconnected to solve a business problem. The choice of Application pattern will 
typically lead to an underpinning Runtime pattern. 

In addition the Patterns Web site includes: 

• Custom designs. These are like Composite Patterns but have not achieved sufficient 
widespread implementation to qualify as patterns. 

• Product mappings to populate the solution. The product mappings are based on proven 
implementations. 

• Guidelines for the design, development, deployment, and management of e-business 
applications. 
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Business Patterns 



''Customer Requirements 
Business Problem 
Business Processes/Rule 
Existing Environment 



1. Who are the primary Business Actors? 

2. Describe the Interactions between them? 


Business Patterns 



Figure 2-10. Business Patterns IN234.0 

Notes: 

Business patterns are high-level constructs that can be used to describe the key business 
purpose of a solution. These patterns describe the objectives of the solution, the high-level 
participants that interact in the solution, and the nature of the interactions between the 
participants. Structurally, these patterns are made up of at least two of the following three 
entities that occur in e-business solutions: 

Users of the solution - This can include customers, investors, partners, vendors, and so on. 

Enterprise or organization the users interact with - This "Business" entity can be used to 
represent the organization itself or systems (applications or software programs) that exist 
within the organization 

Data that exists within the organization - Data is distinguished from applications because 
the nature of interactions between these entities is very different. 
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Business Patterns 


Business Patterns are the basic building blocks for solutions 



Figure 2-11. Business Patterns IN234.0 

Notes: 

Business patterns highlight the most commonly observed interactions between Users, 
Businesses, and Data. They are the fundamental building blocks of most e-business 
solutions, and describe the interaction between the participants in an e-business solution. 
The four Business patterns documented on the Patterns for e-business site are: 

Self-Service - Also known as the User-to-Business pattern, Self-Service addresses the 
general case of internal and external users interacting with enterprise transactions and 
data. 

Collaboration - Sometimes called User-to-User, the Collaboration business pattern 
addresses the interactions and collaborations between users. This pattern can be 
observed in solutions that support small or extended teams that need to work together in 
order to achieve a joint goal. 

Information Aggregation - The Information Aggregation business pattern, also known as 
User-to-Data, can be observed in e-business solutions that allow users to access and 
manipulate data that is aggregated from multiple sources. This Business pattern captures 
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the process of taking large volumes of data, text, images, video and so on and using tools 
to extract useful information from them. 

Extended Enterprise - The Extended Enterprise business pattern (aka 
Business-to-Business or B2B) addresses the interactions and collaborations between 
business processes in separate enterprises. This pattern can be observed in solutions that 
implement programmatic interfaces to connect inter-enterprise applications. 
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Integration Patterns 



Figure 2-12. Integration Patterns IN234.0 

Notes: 

The natural consequence of the integration points that enable interaction between the four 
Business patterns is that today's more complex solutions can be built by combining these 
Business patterns. This is done by using one or more Integration patterns, which integrate 
multiple applications, multiple modes of access, and multiple sources of information to build 
one seamless application. Integration patterns are differentiated from Business patterns in 
that they do not themselves automate specific business problems. Rather, they are used 
within Business patterns to support more advanced functions, or to make Composite 
patterns feasible by allowing the integration of two or more Business patterns. 
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Integration Patterns 


Integration Patterns provide the glue to combine Business Patterns to form 
solutions 



Notes: 

Complex e-business applications can be built by combining multiple Business patterns 
together. This is accomplished by using Integration patterns as the glue between Business 
patterns. Integration patterns are differentiated from Business patterns in that they do not 
themselves automate specific business problems. Rather, they are used within Business 
patterns to support more advanced functions, or to make Composite patterns feasible by 
allowing the integration of two or more Business patterns. The two Integration patterns 
documented on this site are: 

Access Integration - The Access Integration pattern describes those recurring designs that 
enable access to one or more Business patterns. In particular, this pattern enables access 
from multiple channels (devices) and integrates the common services required to support a 
consistent user interface. 

Application Integration - The Application Integration pattern brings together multiple 
applications and information sources without the user directly invoking them. This pattern is 
most effectively applied when developmental efforts require the seamless execution of 
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multiple applications and access to their respective data in order to automate a complex, 
new business function. 
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Composite Patterns 



•Account Access 
•Electronic Commerce 
•Portals 

•E-Marketplaces 


Figure 2-14. Composite Patterns IN234.0 

Notes: 

As e-business Solutions become more and more complex we can observe higher-level 
patterns that are composed of individual Business patterns. 

The Composite patterns that we have identified are: 

• Account Access 

• Electronic Commerce 

• Portals 

• E-Marketplaces (comprising Buy-side Hub, Sell-side Hub and Trading Exchange) 

These Composite patterns are observed behind much of today’s application software, such 
as: 

• Siebel Enterprise 

• Ariba DynamicTrade 

• PlumTree Portal Server and so forth 

These Composite Patterns can be refined into the Application patterns and Runtime 
patterns associated with the business and integration patterns. 
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Composite Patterns 


Example: Composite Pattern for Electronic Commerce 
Solutions 
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Blue - Mandatory Business Patterns 

Red - Optional Business Patterns - Variations 


Figure 2-15. Composite Patterns IN234.0 

Notes: 

Composite Patterns are represented by a pattern diagram which shows the mandatory and 
optional business and integration patterns used in the composite pattern. 
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Application Patterns 



Figure 2-16. Application Patterns IN234.0 

Notes: 
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Application Patterns 


Each of the four business patterns can be implemented using 
one or more application patterns. 

Each application pattern describes: 

•Structure 

-Business actors in the application 
-Interactions between the business actors 

•Placement 

-How do we split up processing? 

-Where do we place data? 

•Integration 

-Loosely coupled versus tightly integrated 
-Impact on backend systems 


Figure 2-17. Application Patterns IN234.0 

Notes: 

Application patterns represent the partitioning of the application logic and data together 
with the styles of interaction between the logic tiers. Application patterns are chosen after a 
Business pattern, Integration pattern, or Composite pattern is selected. 
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Patterns for e-business - Legend 



Application node 
containing new or 
modified 
components 


Application node 
containing existing 
components with no 
need for modification or 
which cannot be 
changed 


A process that is external 
and transparent to the 
current application. 
However the interfaces to 
this process are well- 
defined 


Read only data 



Transient data 

• Work in progress 

• Cached committed 

• Staged 


Read write data 


Meta Data 

•Templates 


Figure 2-18. Patterns for e-business - Legend IN234.0 

Notes: 
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Application Pattern Examples 


Self-Service:: Router 



Information Aggregation::Population - Single Step 


Extended Enterprise::Managed Public Process 



Partner A 




Partner B 

Backend | 

N:1 

Public 

1:N 

Partner 


synchronous. 

Rules Tier 


asynchronous, 

Tier 







Back end 

asynchronous 


server-specified 



Application 1 


or mutually agreed 
message format 


— 

Private Processes 

_ 1 

^ Public Processes 




Figure 2-19. Application Pattern Examples IN234.0 

Notes: 

These are a few examples of Application Patterns for different business patterns. 

Note the naming convention used for these Application Patterns. All application patterns 
are given a unique label based on the business pattern name followed by two colons and 
the application pattern name. 
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Runtime Patterns 



Figure 2-20. Runtime Patterns IN234.0 

Notes: 
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Runtime Patterns 


The Application patterns can be implemented by Runtime 
Patterns. Each Runtime pattern: 

•Will demonstrate certain Service Level Characteristics, which 
include: 

-Availability 
-Performance 
-Scalability and 
-Security 

•Can be represented by a logical node diagram 
-Defines the topology of the architecture and node 
placement 

-Runtime patterns are Product Agnostic. They can be 
mapped IBM or non IBM software and hardware products 


Figure 2-21. Runtime Patterns IN234.0 

Notes: 
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Runtime Pattern Example 



Figure 2-22. Runtime Pattern Example IN234.0 

Notes: 

This example of a runtime pattern shows the nodes in the environment and the connections 
between them. 
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Physical Product Mappings 



Figure 2-23. Physical Product Mappings IN234.0 

Notes: 
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e-business Technology Framework 
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Figure 2-24. e-business Technology Framework IN234.0 

Notes: 
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Self-Service Business Pattern 


•Direct interactions between users and a business 
-Internal and external users interacting with enterprise 
transactions and data 

•Application patterns: 

-Stand-Alone Single Channel 
-Directly Integrated Single Channel 
-As-ls Host 

-Customized Presentation to Host 

-Router 

-Decomposition 

-Agent 


Figure 2-25. Self-Service Business Pattern IN234.0 

Notes: 

The Self-Service business pattern, also known as the User-to-Business or U2B pattern, 
captures the essence of direct interactions between interested parties and a business. 
Interested parties include customers, business partners, stakeholders, employees, and all 
other individuals with whom the business intends to interact. For simplicity, these interested 
parties are referred to as users. In this definition business represents various types of 
organizations including large enterprises, small and medium businesses, government 
agencies, and so on. 
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Application Patterns for Self-Service 



Figure 2-26. Application Patterns for Self-Service IN234.0 

Notes: 

Stand-Alone Single Channel 

This Application pattern (also known as User-to-Business topology 1) is used when there is 
no need to integrate with legacy or third-party applications. It allows developers to replace 
the monolithic fat client design with a layered approach that uses a thin client with 
application business logic on the second tier. The second tier can access a local database 
maintaining the application data. 

Directly Integrated Single Channel 

This Application pattern (aka U2B Topology 2) extends the Stand-Alone Single Channel 
design by integrating with legacy and/or third-party applications. It allows the second tier's 
new application business logic to access existing applications, such as inventory 
management, or third party applications, such as a credit check. These applications reside 
on a third tier elsewhere in the network. 

As-ls Host 
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This Application pattern (aka U2B Topology 3) helps to structure Intranet access to existing 
host applications. It does not include runtime patterns, product mappings, and guidelines. 

Customized Presentation to Host 

This Application pattern (aka U2B Topology 4) can be used to provide customized 
presentation to existing host applications without changing the underlying application. It 
does not include runtime patterns, product mappings, and guidelines. 

Router 

This Application pattern (aka U2B Topology 5) links multiple presentation tiers to any 
back-end client without hiding the back end from the user. This design provides fast, highly 
scalable, highly available Web enablement of existing business transactions with multiple 
presentation channels and multiple applications. This application is divided into three 
logical tiers with a one-to-one relationship between the tiers at runtime. 

Decomposition 

This Application pattern (aka U2B Topology 6) extends the Router application pattern by 
integrating business logic in the intermediate tier, making the third-tier applications 
seamless. Decomposition provides customer-oriented support systems rather than the 
product-oriented systems of the Router application pattern. A presentation node is linked to 
the decomposition node, which controls the application flow. The decomposition node 
breaks down the user request into individual application requests, forwards the requests to 
the applications, and then gathers the results to send back to the presentation node. The 
business logic of the application is divided between the applications and the decomposition 
node. 

Agent 

This Application pattern (aka U2B Topology 7) provides a unified customer-centric view that 
can be exploited for mass customization of services and for cross-selling purposes. The 
Agent application pattern allows for personalization of a Web site, with the objective of 
targeting Web content and applications to specific users. These personalization activities 
are driven by the application server. 
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Collaboration Business Pattern 


•Interactions and collaborations between users 
-Small or extended teams 

•Application patterns: 

-Point-to-Point 
-Store and Retrieve 
-Directed Collaboration 
-Managed Collaboration 


Figure 2-27. Collaboration Business Pattern IN234.0 

Notes: 

The Collaboration business pattern, which is also known as the User-to-User or U2U 
pattern, enables interaction and collaboration between users. This pattern can be observed 
in solutions that support small or extended teams that need to work together in order to 
achieve a joint goal. 
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Application Patterns for Collaboration 


Point-to-Point 


Store and Retrieve 
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Application 



Workflow 

Application 



Figure 2-28. Application Patterns for Collaboration IN234.0 

Notes: 

Point-to-Point 

This Application pattern (aka User-to-User Topology 1) allows users to directly address 
other users on the network using simple point-to-point synchronous communications, and 
then enables them to begin a direct communication link with them. 

Store and Retrieve 

This Application pattern (aka U2U Topology 2) allows users to collaborate with others on 
the network interactively. Unlike the Point-to-Point pattern, this pattern does not require 
both partners to be online at the same time. It also does not require the client to know the 
physical or direct address of other users of the solution. 

Directed Collaboration 

This Application pattern (aka U2U Topology 3) allows users to collaborate with others on 
the network interactively, requiring the two users to be online simultaneously and to register 
with a server prior to the collaboration. In this pattern all of the users are peers and there 
are no client-server or master-slave relationships between the tiers in the pattern. 


© Copyright IBM Corp. 1999, 2003 Unit 2. Introduction to Patterns 2-35 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 

























































































Student Notebook 


Managed Collaboration 

This Application pattern (aka U2U Topology 4) builds on the Peer-to-Peer Collaboration 
application pattern by implementing workflow rules to manage the collaboration between 
users of the solution. This Application pattern supports both synchronous and 
asynchronous collaboration. 
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Information Aggregation Business Pattern 


•Allows users to access and manipulate data that is 
aggregated from multiple sources 
-Business intelligence 

•Application patterns: 

-Population - Single Step 

-Population - Multi Step 

-Population - Crawling and Discovery 

-Population - Summarization 

-Information Access - Read Only (plus variations) 


Figure 2-29. Information Aggregation Business Pattern IN234.0 

Notes: 

The Information Aggregation business pattern, which is also known as the User-to-Data or 
U2D pattern, can be observed in e-business solutions that allow users to access and 
manipulate data that is aggregated from multiple sources. This Business pattern captures 
the process of taking large volumes of data, text, images, video, and so on, and using tools 
to extract useful information from them. These tools may personalize data to suit user 
preferences, distill summary information from large volumes of data, use algorithms to 
identify trends hidden in the data, or answer users' hypothetical what-if questions about 
potential business scenarios. 
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Application Patterns for Information Aggregation (1 of 2) 


Population - Single Step 



Population - Multiple Step 



Population - Crawling and Discovery Population - Summarization 




Figure 2-30. Application Patterns for Information Aggregation IN234.0 

Notes: 

Population - Single Step 

This Application pattern (aka U2D Topology 1) structures the population of a datastore with 
data that requires minimal transformation and restructuring. The Population - Single Step 
pattern is a simplistic solution design. 

Population - Multi Step 

This Application pattern (aka U2D Topology 2) structures the population of a data-store 
with structured data that requires extensive reconciliation, transformation, and 
restructuring.The Population - Multi Step pattern must be used in conjunction with one of 
the Runtime patterns from the Information Access - Read Only pattern to create a complete 
Information Aggregation solution. 

Population - Crawling and Discovery 

This Application pattern (aka U2D Topology 3) provides a structure for applications that 
retrieve and parse documents and create an index of relevant documents that match the 
specified selection criteria. 
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Population - Summarization 

This Application pattern (aka U2D Topology 4) extends the capabilities provided by the 
Population - Crawl and Discover pattern by attaching summary information to index entries. 
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Application Patterns for Information Aggregation (2 of 2) 


Information Access - Read Only 



Information Access - Read Only Information Access - Read Only 

Variation 1 (Limited User Update) Variation 2 (Extensive User Update) 



Figure 2-31. Application Patterns for Information Aggregation IN234.0 

Notes: 

Information Access - Read Only 

This Application pattern (aka U2D Topology 5) helps structure a system design that 
provides read only access to aggregated information. The Information Access - Read Only 
application pattern must be used in conjunction with a data population mechanism to 
create a complete Information Aggregation solution. 

In the application pattern above, and in the variations that follow, functions to the right of the 
primary application node (the Drill-through applications) are optional and can be added to 
support drill-through. 

Variation 1 (Limited User Update) allows users to write data back to a local data store. A 
typical example would be saving the results of queries or of data manipulation. The data 
thus created is saved and not overwritten the next time data store is refreshed from its 
source. 

In Variation 2 (Extensive User Update) whenever the user makes a change to data, that 
change is checked. For updates of certain defined existing data elements, the change data 


2-40 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 








































Student Notebook 


is sent as a work item to an operational system. It then makes these changes by a 
transaction. These changes are captured by the next write cycle. The changes flow through 
from the Population process and the next time the local data is overwritten, the mart 
contains the results of the changes. The most common example of this pattern design is 
the operational data store (ODS). 
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Extended Enterprise Business Pattern 


•Interactions and collaborations between business processes 
in separate enterprises 

-Programmatic interfaces to connect inter-enterprise 
applications, not direct user interaction 

•Application patterns: 

-Document Exchange 
-Exposed Application 
-Exposed Business Services 
-Managed Public Processes 
-Managed Public and Private Processes 


Figure 2-32. Extended Enterprise Business Pattern IN234.0 

Notes: 

The Extended Enterprise business pattern, which is also known as the 
Business-to-Business pattern or B2B pattern, addresses the interactions and 
collaborations between business processes in separate enterprises. This pattern can be 
observed in solutions that implement programmatic interfaces to connect inter-enterprise 
applications. In other words, it does not cover applications that are directly invoked using a 
user interface by business partners across organizational boundaries. 
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Application Patterns for Extended Enterprise 
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Figure 2-33. Application Patterns for Extended Enterprise IN234.0 

Notes: 

Document Exchange 

The Document Exchange application pattern (aka B2B Topology 1) provides basic 
transport and data interchange through the use of a Value-Added Network (VAN). It is the 
current practice for EDI interactions between businesses. A service provider transforms 
messages into the appropriate formats and delivers the messages to VAN mail boxes. 

Exposed Application 

This Application pattern (aka B2B Topology 2) also provides basic transport and data 
interchange, but this time through a direct connection between partner applications using a 
Virtual Private Network (VPN). The access point of the VPN is behind the domain firewall to 
provide greater security. 

Exposed Business Services 

This Application pattern (aka B2B Topology 3) handles enterprise application integration as 
a set of services and communicates over a virtual private network(VPN). The access point 
of the VPN is behind the domain firewall to provide greater security. An integral component 
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of this Application pattern is a message broker that routes and transforms messages 
appropriately for the applications employing the service. 

Managed Public Processes 

The Managed Public Processes application pattern (aka B2B Topology 4) is based on 
emerging standards for Internet-based business-to-business interactions. It combines the 
services and broker approach of the Exposed Business Services design with management 
of the business protocol between trading partners. A business-to-business gateway is 
combined with other infrastructure to provide an execution environment for externally 
exposed services and a means for integration of the services with back-end business 
processes. This Application pattern can be adapted to accommodate various types of 
partners. 

Managed Public and Private Processes 

The Managed Public and Private Processes application pattern (aka B2B Topology 5) is an 
extension of the Runtime support for the Managed Public Processes application pattern. It 
provides additional automation by middleware to support the integration of internal 
business processes with inter-business process flows. It combines the services and broker 
approach of the Exposed Business Services design with management of the business 
protocol between the trading partners, all under the umbrella of integrated 
business-to-business and internal business workflow. This Application pattern can be 
adapted to accommodate various types of partners. 
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Access Integration Pattern 


•Enables access to one or more business patterns 
-Consistent user interface 
-Integrates common services: 

•Device Support 
•Presentation 
•Personalization 
•Security and Administration 

•Application patterns: 

-Pervasive Device Access 
-Single Sign-On 
-Personalized Delivery 


Figure 2-34. Access Integration Pattern IN234.0 

Notes: 

The Access Integration pattern describes those recurring designs that enable access to 
one or more Business patterns. In particular, this pattern enables access from multiple 
channels (devices) and integrates the common services required to support a consistent 
user interface. 
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Application Patterns for Access Integration 
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Figure 2-35. Application Patterns for Access Integration IN234.0 

Notes: 

Pervasive Device Access 

This Application pattern provides a structure for extending the reach of individual 
applications from browsers and fat clients to pervasive devices such as PDAs and mobile 
phones. 

Single Sign-On 

The Single Sign-On application patterns provide a framework for seamless application 
access through unified authentication services. Two Application patterns for single are 
shown: a basic pattern where the single-sign on functions are performed in the Web tier, 
and an extended pattern where the security context is extended to include the back-end 
systems. 

Extended Single Sign-On 

Extending the security context to include the back-end systems enables non-repudiation of 
back-end system transactions. For solutions with strong privacy and/or audit requirements, 
this approach is needed. 
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Personalized Delivery 

The Personalized Delivery application pattern provides a framework for giving access to 
applications and information tailored to the interests and roles of a specific user or group. 
This pattern extends basic user management by collecting rich profile data that can be kept 
current up to the user’s current session. Data collected can be related to application, 
business, personal, interaction, or access device-specific preferences. 
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Application Integration Pattern 


•The Application Integration pattern integrates multiple 
Business patterns or integrates applications and data within 
an individual Business pattern 

•Process-focused Application Integration Patterns 
-Direct Connection 
-Aggregator 
-Transactional 
-Broker 

-Managed Process 

•Data-focused Application Integration Patterns 
-Propagation 
-Replication 
-Operational Data Store 
-Federated Repository 


Figure 2-36. Application Integration Pattern IN234.0 

Notes: 

The Application Integration (aka Enterprise Application Integration or EAI) pattern serves to 
integrate multiple Business patterns or to integrate applications and data within an 
individual Business pattern. The requirements that gave rise to this pattern call for the 
seamless execution of multiple applications and access to their respective data in order to 
automate a complex, new business function. Reliable integration of applications - be they 
legacy stovepipe applications, packaged software applications, or custom applications - 
requires the use of proven replicable patterns. At its highest level, application integration 
can be divided into two essentially different approaches: 

• Process Integration - the integration of the functional flow of processing between the 
applications. 

• Data Integration - the integration of the information used by applications. 
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Process-focused Application Integration Patterns 


•Common services used by Process-focused Application 
Integration Patterns 
-Protocol adaptors 
-Message handlers 
-Data transformation 
-Decomposition/Recomposition 
-Routing/Navigation 
-State management 
-Security 

-Local business logic 

-(Business) unit-of-work management 


Figure 2-37. Process-focused Application Integration Patterns IN234.0 

Notes: 

Process-focused application integration application patterns are observed where multiple 
automated business processes are combined to yield a new business offering or to provide 
a consolidated view of some business entity with many representations in the corporate 
business systems. An often quoted example is the consolidated view of the state of all 
relationships of the business with a particular customer. 

Process-focused application patterns contain a well-defined set of services, combinations 
of which are used in the patterns observed in practice. These services include: 

• Protocol adaptors 

• Message handlers 

• Data transformation 

• Decomposition/Recomposition 

• Routing/Navigation 

• State management 

• Security 

• Local business logic 
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• (Business) unit-of-work management 
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Application Patterns for Application Integration 


•Process-oriented application patterns 
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Figure 2-38. Application Patterns for Application Integration (1 of 2) IN234.0 

Notes: 

Process-oriented application patterns: This approach to application integration is useful 
when multiple automated business processes need to be combined to yield a new business 
offering. It can also provide a consolidated view of some business entity with many 
representations in corporate business systems. 

The Direct Connection application pattern helps to structure a system design that allows a 
pair of applications to directly communicate with each other. 

The Aggregator application pattern facilitates multi-point request for information integration 
between applications. This Application pattern is sometimes referred to as a Router 
application pattern. 

The Transactional application pattern facilitates application integration that enables request 
for processing with two-phase commit coordination. 

The Broker application pattern enables request for processing integration by using an 
integration broker to coordinate updates to backend systems. 
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Application Patterns for Application Integration 


•Data-oriented application patterns 
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Figure 2-39. Application Patterns for Application Integration (2 of 2) IN234.0 

Notes: 

Data-oriented application patterns: This approach to application integration is more 
appropriate when applications need to share information rather than coordinate 
processing. 

The Propagation application pattern facilitates the coordinated movement of data between 
isolated application repositories. Where no transformation is required, this Application 
pattern is sometimes known as Data Mirroring. 

The Replication application pattern enables a coordinated bidirectional update flow of data 
in a multicopy database environment. 

The Operational Data Store application pattern serves as a centralized operational 
repository that aggregates the slices of information from various applications into a 
complete picture. Note that this Application pattern differs both in solution design and 
functionality from the Information Aggregation::Operational Data Store Combined runtime 
pattern. 
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The Federated Repository application pattern creates a unified query interface into isolated 
structured and unstructured repositories. 


© Copyright IBM Corp. 1999, 2003 Unit 2. Introduction to Patterns 2-53 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


Composite Patterns: Electronic Commerce 


Composite Pattern for Electronic Commerce Solutions 


£ 

Self Service 


£ 

O 

O 

‘■5 


ro 

U) 

a> 

Collaboration 


O) 

£ 

7z 


£ 

</> 

(/> 

a> 

information Aggregation 


O 

ro 



.2 

< 


Q. 


Extended Enterprise 


Q. 

< 


Blue - Mandatory Business Patterns 

Red - Optional Business Patterns - Variations 


Application Patterns: 

Web-up 


Enterprise-out 




Application 
1 



Presentation 

synchronous 

Buying 

application 

synchronous 

Dccomp 

synchronous 



asynchronous 

asyiKhronoua 











^3 (5 


CRM 
Product 
WIP 


Appllcatlon|_L_^ 


CRM 
1 LOB 


Figure 2-40. Composite Patterns: Electronic Commerce IN234.0 

Notes: 

There are two basic approaches to e-commerce patterns: 

• The first approach, which is often described as a Web-up, is used to very quickly enable 
a Web-based buying site without any close integration with back-end systems. 

• The second approach, which is often referred to as Enterprise-out, extends an existing 
order processing system to a new Web-based buying channel. This case includes close 
integration with, and reuse of, existing back-end systems. 

Use The Web-up application pattern if you are building a new application and there is no 
need to interface with legacy or third-party applications or data. All of the required data is 
handled by the new e-business application. It does not need to share, access, or exchange 
data with other applications. The application implements all required functions and does 
not rely on functionality provided by other existing applications. 

The Enterprise-out application pattern applies to scenarios that require integration with 
legacy or third-party applications. The new application is not built as a stand-alone solution 
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but instead needs to integrate with existing applications. The integration can be achieved 
on a functional basis or a data basis using a transaction interface or a data interface. 
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Composite Patterns: e-Marketplaces 


Composite Pattern for a Trading Exchange 
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Figure 2-41. Composite Patterns: e-Marketplaces IN234.0 

Notes: 

e-Marketplaces are trading exchanges that facilitate and promote buying, selling and 
business communities among trading partners within certain industries. These solutions 
represent some of the most comprehensive and complex e-business applications that exist 
today. There are three types of e-Marketplaces: 

• Trading Exchange 

• Sell-Side Hub 

• Buy-Side Hub 

A Trading Exchange allows buyers and sellers to trade goods and services on a public site. 

In a Sell-Side Hub the seller owns the e-Marketplace and uses it as a vehicle to sell goods 
and services to prospective buyers across the Web. 

In a Buy-Side Hub the buyer of goods owns the e-Marketplace and uses it as a vehicle to 
leverage the buying or procurement budget to solicit the best deals for goods and services 
from prospective sellers across the Web. 
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Composite Patterns: Portals 


Composite Pattern for Portals 
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Figure 2-42. Composite Patterns: Portals IN234.0 

Notes: 

The Composite pattern for Portal applications is made up of an Access Integration pattern 
that facilitates functions such as single sign-on, multiple device support and 
personalization, plus at least one other Business pattern. 

Many variants of portal applications exist. But, two of the most commonly seen 
implementations include: 

• An Enterprise Intranet Portal 

• A Collaboration ASP 

An Enterprise Intranet portal provides self-service functions that provide access to human 
resource applications such as payroll, benefits, travel expenses and other such 
applications. In addition, this type of portal aggregates content from various sources and 
provides seamless access to this content. Finally many Enterprise Intranet portals provide 
collaboration functions such as virtual help desks, e-mail and instant messaging. IBM’s own 
intranet at w3.ibm.com is an excellent example of an Enterprise Intranet Portal. 
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A Collaboration Application Service Provider (ASP) typically provides Internet users access 
to a particular type of collaboration solution such as e-mail or instant messaging. 
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Composite Patterns: Account Access 


Composite Pattern for Account Access Solutions 
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Figure 2-43. Composite Patterns: Account Access IN234.0 

Notes: 

Account Access solutions provide customers around-the-clock access to their account 
information. They also allow users to inquire, update and delete information on their 
individual accounts. There are many applications that fall under this category of solutions, 
ranging from trading applications provided by online brokerages to account manager 
functions provided by utilities such as telephone companies. This category of solutions also 
includes account access applications provided by banks, credit card companies and 
insurance companies. 

The Composite pattern for an Account Access solution consists of: 

• An Access Integration pattern that provides a unified mechanism to implement single 
sign-on capabilities. This pattern is also used to provide a personalized experience to 
the account holder. 

• A Self-Service business pattern which provides access to information stored in core 
business systems and databases 
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The solution may optionally include an Information Aggregation pattern in cases where 
information from multiple accounts is summarized to provide a single unified portfolio view 
to the customer. 

The solution can also include the Collaboration business pattern as functions such as 
online chat with a customer service representative and help desk support are added to it. 

If the solution has any one of the optional Business patterns the solution may optionally 
include an Application Integration pattern to seamlessly combine multiple Business 
patterns. 


2-60 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


Custom Designs (1 of 2) 


•Custom Designs are similar to Composite patterns 
-Combine Business patterns and Integration patterns to 
create complex advanced e-business applications 
-Have not been widely implemented so not proven to be as 
reusable as other patterns. 

•Custom Designs on the patterns Web site: 

-Integrating the Self-Service and Collaboration patterns 
using WebSphere and Domino 
-Integrating WebSphere Application Server with SAP R/3 


Figure 2-44. Custom Designs (1 of 2) IN234.0 

Notes: 

Custom designs, like Composite patterns, combine Business patterns and Integration 
patterns to create complex, advanced e-business applications. Custom designs are 
solutions that have not been implemented to the extent of Composite patterns, however. 
Custom designs can be developed to solve one specific company's e-business problems, 
or perhaps several enterprises with similar problems. This purpose can prove incredibly 
valuable, of course. But, Custom designs do not meet the higher qualifications of a 
Composite pattern, and do not give as great a reassurance of reusability, because they 
have not been "recurrently employed to solve the problems of businesses across a wide 
range of industries." However, as the Custom designs detailed on the Patterns for 
e-business Web site are used more and more by diverse developers, vocal about the 
benefits and limitations of these solutions, these custom designs might eventually achieve 
the status of Composite patterns. 
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Custom Designs (2 of 2) 


Composite Pattern for WebSphere/Domino 
Integration 


Self Service 





Collaboration 



Composite Pattern for WebSphere/SAP Integration 
in self-service applications 



Composite Pattern for WebSphere/SAP Integration Composite Pattern for WebSphere/SAP Integration 
in extended enterprise applications in e-commerce applications 
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Figure 2-45. Custom Designs (2 of 2) IN234.0 

Notes: 

These pattern diagrams illustrate some of the composite patterns that have been 
determined for the custom designs. 
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Unit Summary 

•Patterns for e-business provide a simple and consistent way 
to translate business priorities and requirements into technical 
solutions 

•Business Patterns 

-Self-Service, Collaboration, Information Aggregation, 
Extended Enterprise 
•Integration Patterns 

-Access Integration, Application Integration 
•Composite Patterns 

-Account Access, Portals, e-Commerce, e-Marketplaces 
•Custom Designs 
•Application Patterns 
•Runtime Patterns 
•Physical Product Mappings 


Figure 2-46. Unit Summary IN234.0 

Notes: 
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Unit 3. Methodology and Tools 

What This Unit Is About 

This unit enables the student to describe the methods and tools used 
in this course to build designs. 

What You Should Be Able to Do 

After completing this unit, you should be able to: 

• Describe design notations 

• Describe some of the methodologies used to design Web-based 
applications 

• Describe common tools and how they relate to design 


How You Will Check Your Progress 

Accountability: 

• Discussion 


References 


ISBN 1-931182-02-7 

Patterns for e-business: A Strategy for Reuse 

http://www- 106 .ibm.com/developerworks/patterns/ 

Patterns for e-business 


© Copyright IBM Corp. 1999, 2003 Unit 3. Methodology and Tools 3-1 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 




Design with 
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Notes: 
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3.1 Methodology and Tools 
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Unit Objectives 


After completing this unit, you should be able to: 

•Explain level of design within architecture/system thinking 
•Describe notation conventions and models 
•Discuss Design tools 

•Explain detailed process for design in this course 


Figure 3-2. Unit Objectives IN234.0 

Notes: 


3-4 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 






Student Notebook 


Context 


•"Design a thing by considering it in its next larger context: 
a chair in a room, 

a room in a house, 

a house in an environment, 
an environment in a city plan.” 


Figure 3-3. Context IN234.0 

Notes: 

Our task in this course is to design applications using patterns for a particular level of 
system. We will have to consider both the higher and lower levels of context for what we 
build. 
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Design Decisions Depend on What Is Being Designed 


•Vision 

•Principles 

•Models 

•Building Blocks 
•Criteria 
•Standards 
•Arch. Management 
•Infrastructure Plan 






Figure 3-4. Design Decisions Depend on What Is Being Designed IN234.0 

Notes: 

There are no universal rules for design. All design is relative to goals and methods. Many 
different constraints can influence the design. Which ones are important in your business 
environment? 
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The Purpose of Systems Architecture 


•Manage complexity of the IT system 

•Analyze the required functionality 

•Assist in the analysis of service level requirements 

•Specify physical computer systems 

•Define the connection of system elements 

•Document decisions 

•Provide the rules 


Figure 3-5. The Purpose of Systems Architecture IN234.0 

Notes: 

To break down the complexity of the IT system so that developers can analyze and design 
components and nodes in relative isolation from each other (while still coordinating 
activities) 

To analyze the required functionality so that required technical components (or 
iinfrastructure?) can be identified 

To assist in the analysis of service level requirements so that the means of delivering them 
can be designed 

To provide a basis for the specification of the physical computer systems on which the IT 
system will execute and the mapping of components onto these computer systems 

To define the structuring and strategy for connection of system elements 

To provide a decision trail which allows the system to evolve over time - in an organized 
and well understood way 

To provide the rules of composition / decomposition of system elements 
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Design and Architecture Abstraction 

•The concept of architecture is one of abstraction 
(hiding of details). 

•We hide the details in a particular context - switching 
context requires that we change what is hidden. 
•Architecture requires one to consider multiple system 
qualities which may conflict with each other; therefore, 
tradeoffs are required, which may need to be revisited 
in later phases. 


Figure 3-6. Design and Architecture Abstraction IN234.0 

Notes: 

Architectural Views, also influence the architecture - at times it is just the representation of 
the architecture which needs to change. 

Our strategy consultants (Enterprise Architecture (EA) and so forth) define architecture as 
a framework for decision making. 
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Qualities 


•The designer must make explicit not only structures, but also 
how we will address key system qualities, such as: 

-Qualities (nonfunctional requirements) 

-Performance / Capacity 

-Availability 

-Manageability 

-Security 

-Usability 

-Portability 

-Reliability 

-Maintainability 

-Scalability 

-Safety 

-Extensibility 


Figure 3-7. Qualities IN234.0 

Notes: 
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ADS 


ADS was developed to facilitate reuse, improve communications and 
underpin IBM methods 
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and Elements 



Figure 3-8. ADS IN234.0 

Notes: 

The IBM Architecture Description Standard (ADS) definition accommodates most aspects 
of an IT system. 

"The architecture of an IT system is the structure or structures of the system, which 
comprise software and hardware components, the externally visible properties of those 
components, and the relationships amongst them". Adapted from [Bass, Clements and 
Kazman, 1998]. 

It should be extended to cover the business aspects, and time dependent (temporal) 
aspects. The definition implies that every software system has an architecture, because 
every system can be shown to be composed of components and nodes and relations 
among them. 

The behavior of each component is part of the architecture, insofar as that behavior can be 
observed or invoked from the point of view of another component. This behavior is what 
allows components to interact with each other, which is clearly part of the architecture. 
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UML 


□ Static Diagrams 

• Class, Object Relationship 

• Use Case Diagrams 

• Deployment 

□ Dynamics Diagrams 

• Sequence Diagrams (Time oriented) 

• Object Collaboration (Message oriented) 

• State 


Component Interaction Diagrams 



WF Engine 

|App Agent 


CICS App 


Audit Log | 


,get work list 


: get work item 



Component Diagrams, Relationships, Connections 


Component 1 

Contract 1 




Component 2 


Component 3 
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Contracts 
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Components 


Components 

Services, Signatures 
Collaboration 
Operation requests 


log-required? 

updatejog 


| next_step 


} a component needs other component to fulfill its obligations 


Figure 3-9. UML IN234.0 

Notes: 

The Unified Modeling Language is a notation used within the industry to document 
systems, including those written in some procedural languages. 

IBM has adopted it to document many of its products designs and functions. We use it to 
describe functional aspects of the architecture. 

Since we are not teaching UML in this class, we will use more informal diagrams for our 
work. 
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Operational Models 


Channel Connection 



Figure 3-10. Operational Models IN234.0 

Notes: 

Operational models are documented in a variety of tools, and styles. 

In this course, our diagrams will clearly represent one of several ways of drawing 
operational models. 
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Process 


•Analyze Business 
•Choose Patterns 
•Final Design 
•Diagrams 


Customer Wants and Needs 
Business Problem 
Business Processes/Rules 
Existing Environment 


Business Actors and 
Interactions 


Access Integration and 
Application Integration 


Structure, Placement 
and Integration 


Performance, Capacity, Scalability, Availability 
Resource constraints 
Best practices 



Figure 3-11. Process IN234.0 

Notes: 

We use all these methods to define requirements for e-business systems. 

Each of the Business and Integration patterns can be implemented using one or more 
application patterns. Each Application pattern describes: 

• Structure 

- Coarse grained components (tiers) of the application 

- Interactions between the (coarse grained) application components 

• Placement 

- How do we split up processing? 

- Where do we place data? 

• Integration 

- Loosely coupled versus tightly integrated 

- Impact on backend systems 
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Notation 


Patterns for e-business - Legend 


Application node 
containing new or 
modified 
components 



Read only data 



Application node 
containing existing 
components vdth no 
need for 
modification or 
vdiich cannot be 
changed 


A process that is 
external and 
transparent to the 
current application. 
However the 
interfaces to this 
process are well- 
defined 


Transient data 

• Work in progress (WIP) 

• Cached committed 

• Staged 


Read write data 



Meta Data 

•Templates 


Figure 3-12. Notation IN234.0 

Notes: 

Our conventions for drawing for both application and run-time pattern diagrams. 
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Application Pattern Example 


Decomposition 


6 . 



synch/ 

asynch 


WIP 



Read-Write 


Figure 3-13. Application Pattern Example IN234.0 

Notes: 
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Run-time Pattern Example 


Outside world 
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Figure 3-14. Run-time Pattern Example IN234.0 

Notes: 

Run-time patterns: 

• Will demonstrate certain Service Level Characteristics, which include: 

- Availability 

- Performance 

- Scalability and 

- Security 

• Can be represented by a logical node diagram 

- Defines the topology of the architecture and node placement 

• Run-time patterns are Product Agnostic. They can be mapped to IBM or non-IBM 
software and hardware products. 
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Managed Public Process Example 



Figure 3-15. Managed Public Process Example IN234.0 

Notes: 

A different type of application pattern shows another logical pattern using our notation. 
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Managed Public Process Run-time 
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Figure 3-16. Managed Public Process Run time IN234.0 

Notes: 

This example requires documenting more than one organization. 
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Applying Patterns 


•Solution based on single business pattern 

•Use the patterns for a specific solution based on a single 

business pattern 

•Enterprise architecture standards 
•Use the patterns to establish high-level enterprise-wide 
standards/convergence for individual business patterns 
•Custom design 

•Implement a single coarse-grained application associated 
with one high-level use case using a custom design 
employing multiple business and integration patterns - as in 
the Patterns for e-business - A Strategy for Reuse book’s 
FECS example. 


Figure 3-17. Applying Patterns IN234.0 

Notes: 
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Use Case Diagram 



Figure 3-18. Use Case Diagram IN234.0 

Notes: 

This diagram shows a view of the design which reflects the business done, the components 
used, and the backend systems. Adding sequence explanations would make this a good 
example of a DYNAMIC FLOW diagram. 
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Static (Component) Diagram 



Figure 3-19. Static (component) Diagram IN234.0 

Notes: 

This diagram shows the software components to do all business functions in the business 
case. The transfer funds function has here been shown as the chosen session bean 
component. With descriptions, this becomes a Static Application diagram. 
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Run-time (Structure) Diagram 



User 
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Web Server 
(redirector) 




CICS 



Checking 



Figure 3-20. Run-time (Structure) Diagram IN234.0 

Notes: 

Components are supported by containers/platforms. This is a solution overview or run-time 
diagram. 
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Unit Summary 


•Explained level of design within architecture/system thinking 
•Described notation conventions and models 
•Discussed Design tools 

•Explained detailed process for design in this course 


Figure 3-21. Unit Summary IN234.0 

Notes: 
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Unit 4. Design Using Assigned Patterns 

What This Unit Is About 

This unit describes the Self Service Business patterns in more detail, 
reviews the J2EE architecture, the programming model, the role of the 
various components and general concepts of distributed systems in 
e-business. The WebSphere Application Server is also reviewed. 

What You Should Be Able to Do 

After completing this unit, you should be able to: 

• Explain the basic categories of e-business patterns 

• Differentiate between components of different patterns 

• Interpret the scenario description and list business drivers 

• Associate business drivers to patterns 

• Select patterns by: 

- IT drivers 

- Business drivers 

- Technology differentiators 

• Create a pattern-based design using provided templates and 
simple notation conventions 

• Evaluate whether the business drivers and IT drivers are reflected 
in the designs presented by their own team and other teams 


How You Will Check Your Progress 

Accountability: 

• Case Study exercise 


References 


ISBN 1-931182-02-7 

Patterns for e-business: A Strategy for Reuse 

http://www- 106 .ibm.com/developerworks/patterns/ 

Patterns for e-business 


© Copyright IBM Corp. 1999, 2003 Unit 4. Design Using Assigned Patterns 4-1 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 




Design with 
Patterns 


e-business 


Welcome to: 


Unit 4. Design Using Assigned Patterns 



Figure 4-1. Design with Patterns 


IN234.0 


Notes: 
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4.1 Design Using Assigned Patterns 
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Unit Objectives 

After completing this unit, you should be able to: 
•Describe Self-Service Application Patterns 
•Explain Selection Criteria for Self-Service Patterns 
•Discuss Business Drivers for Self-Service Patterns 
•Discuss IT Drivers for Self-Service Patterns 
•Describe J2EE 1.3 specification and model 
•Describe J2EE application structure and flow 
•Explain J2EE components and services 
•Discuss WebSphere Application Server 5.0 structure 
and packaging 


Figure 4-2. Unit Objectives IN234.0 

Notes: 
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Business Patterns 

Business Patterns are the basic building blocks for solutions 



Users Data from 

accessing multiple 

data and sources 

information on aggregated 

a 24 x 7 basis and presented 

across 
multiple 
channels 


Users 

working with 
one another 
to share data 
and 

information 


Integrating 

data and 

processes 

across 

enterprise 

boundaries 


Figure 4-3. Business Patterns IN234.0 

Notes: 
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Application Patterns 


Each of the four Business patterns can be implemented using one or more 
application patterns. Each Application pattern describes: 

•Structure 

-Business Actors in the application 
-Interactions between the business actors 
•Placement 

-How do we split up processing ? 

-Where do we place data ? 

•Integration 

-Loosely coupled versus tightly integrated 
-Impact on backend systems 


Figure 4-4. Application Patterns IN234.0 

Notes: 
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Application Patterns for Self Service 



Figure 4-5. Application Patterns for Self Service IN234.0 

Notes: 
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Directly Integrated Single Channel 


Pres. 


synch 



Figure 4-6. Directly Integrated Single Channel IN234.0 

Notes: 

The Directly Integrated Single Channel application pattern provides a structure for 
applications that need one or more point-to-point connections with back end applications 
but only need to focus on one delivery channel. This Application pattern can also be used 
to implement any one of the delivery channels. However, we focus primarily on the Web 
delivery channel. 

The Business and IT Drivers for this pattern are: 

• Improve the organizational efficiency 

• Reduce the latency of business events 

• Leverage existing skills 

• Leverage legacy investment 

• Back end application integration 

However, the primary business driver for choosing this Application pattern is to reduce the 
latency of business events by providing real-time access to backend applications and data 
from Web applications. 
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The primary IT Driver for choosing this Application pattern is to leverage legacy 
investments and existing skills. 
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Router Pattern 



Figure 4-7. Router Pattern IN234.0 

Notes: 

The Router application pattern provides a structure for applications that require the 
intelligent routing of requests from multiple delivery channels to one of multiple back end 
applications. 

Business and IT Drivers: 

• Reduce the latency of business events 

• Easy to adapt during mergers and acquisitions 

• Integration across multiple delivery channels 

• Minimize total cost of ownership (TCO) 

• Leverage existing skills 

• Leverage legacy investment 

• Back end application integration 

• Minimize enterprise complexity 

• Maintainability 

• Scalability 
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The primary business driver for choosing the Router application pattern is to support 
seamless integration across multiple delivery channels. In this digital economy, users 
demand universal access to information. To satisfy this demand, many corporations 
support multiple delivery channels including the Internet, voice recognition units, kiosks, 
call center applications, and so on. Users expect to retrieve the same information 
irrespective of the delivery channel they use to access the information. For example, it is 
important for a discount brokerage firm to ensure that users can retrieve trade execution 
status consistently either through a Web site or through a voice recognition unit. At the 
same time, these organizations have multiple backend applications. For example, due to 
different tax requirements, discount brokerage firms often maintain IRA and regular 
investment accounts on different backend applications. Because of this, many channels 
have a need to access the information from multiple back end applications. 

Applications, over a period of time, evolve either to take advantage of new technological 
breakthroughs or to accommodate a changing business environment. Ideally such changes 
to one application should be isolated from another. In other words, if a backend application 
is replaced with a new system to take advantage of a new technology, that replacement 
should not result in significant changes to all the delivery channels that access that back 
end applications. At the same time a business decision to support a new delivery channel 
such as wireless PDAs should not require major changes to backend applications, such 
extensibility is especially important for organizations that are in a highly volatile business 
environment and have plans for mergers and acquisitions. The Router application is ideally 
suited for such organizations. 

The primary IT driver for choosing this Application pattern is to minimize enterprise wide 
complexity and reduce the total cost of ownership by using a hub-and-spoke architecture 
instead of a point-to-point architecture between delivery channels and backend 
applications. 
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Decomposition Pattern 



synch 



synch/ 
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Figure 4-8. Decomposition Pattern IN234.0 

Notes: 

The Decomposition application pattern extends the hub and spoke architecture provided by 
the Router application pattern. It decomposes a single, compound request from a client into 
several, simpler requests and intelligently routes them to multiple backend applications. 
Typically the responses from these multiple backend applications are recomposed into a 
single response and sent back to the client. 

Business and IT Drivers: 

• Improve organizational efficiency 

• Reduce the latency of business events 

• Easy to adapt during mergers and acquisitions 

• Integration across multiple delivery channels 

• Unified customer view across Lines of Businesses (LOB) 

• Minimize total cost of ownership (TOO) 

• Leverage existing skills 

• Leverage legacy investment 

• Backend application integration 
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• Minimize enterprise complexity 

• Maintainability 

• Scalability 

All business and IT drivers listed under the Router application pattern apply here as well. 
Additional drivers relate to the fact that many organizations have back end applications that 
are focused on certain product lines. For example, insurance companies use different 
systems for supporting health insurance policies and life insurance policies. Such product 
specific silos evolved out of necessity since the business logic and data requirements of 
different products were vastly different. For the same reason, many companies plan to 
continue to use separate systems for separate product lines. 

These same companies, however, want to provide a unified customer view when 
customers visit the self-service Web sites or contact the call centers, rather than providing 
a fragmented, product-specific view. Similarly when changes are made to customer 
information in one system, they should be automatically reflected in other systems. In the 
above example of an insurance company that sells health insurance and life insurance 
policies, changes to address information should be automatically reflected in both the 
systems. Such features are increasingly important since customers often ask for a 
consolidated view of their multiple accounts. 
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Agent Pattern 
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synch/ 
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WIP 



Figure 4-9. Agent Pattern IN234.0 

Notes: 

The Agent application pattern structures an application design that provides a unified 
customer-centric view that can be exploited for mass customization of services and for 
cross-selling purposes. 

Business and IT Drivers: 

• Improve organizational efficiency 

• Reduce the latency of business events 

• Easy to adapt during mergers and acquisitions 

• Integration across multiple delivery channels 

• Unified customer view across Lines of Businesses (LOB) 

• Support effective cross selling 

• Mass customization 

• Minimize total cost of ownership (TOO) 

• Leverage existing skills 

• Leverage legacy investment 

• Backend application integration 
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• Minimize enterprise complexity 

• Maintainability 

• Scalability 

All the business and IT drivers listed under the Decomposition application pattern apply to 
this Application pattern as well. In addition, it allows an organization to exploit a unified 
customer view for mass customization and for cross-selling purposes on an Internet 
Self-Service site. 

As an example of these requirements, consider a telecommunications company that 
provides various services including local telephone access, long distance services, 
wireless services, and Internet access. To effectively cross-sell to customers, this company 
will require a consolidated view of all its relationships with each customer. 
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J2EE 


•Component-based approach for developing, deploying and 
managing multitier distributed enterprise applications. 
•Components depend upon the run-time support of system- 
level entities called containers. 

-Containers provide: 

•Lifecycle management 

•Deployment 

•Threading 

•Many component behaviors can be customized declaratively 
when deployed in a container. 


Figure 4-10. J2EE IN234.0 

Notes: 
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J2EE Platform Technologies 


•Components 
-Client Side Components 
•Applets 

•Application Clients 
-Server Side Components 
•EJBS 

•Web Components (Servlets, JSP, HTML) 

•Services 

-Functions utilized by J2EE components 
-APIs implemented by J2EE platform provider (WebSphere) 
•Communication 

-Enable communication between collaborating components 
-Provided by containers 



Figure 4-11. J2EE Platform Technologies IN234.0 

Notes: 

Benefits of J2EE 

• Simplified architecture and development 

• Variety of standard services, components and clients 

• Choices for tooling 

• Portability 

• Integration with existing information systems 

• Separation of responsibilities 

• Scalability 

• Flexible security model 
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J2EE Object Model 



Presentation 


Presentation 


Business Logic 


Figure 4-12. J2EE Object Model IN234.0 

Notes: 

Client Side Components: Applets - GUI components that normally execute in a Web 
browser. Can also execute in other applications or devices that support the applet 
programming model. Typically used to provide a user interface to J2EE applications. 

Client Side Components: Application Clients - Java Programming Language programs, 
typically GUI programs, have access to all the services on the J2EE middle tier. 

Server-Side Components: Servlets - Servlets are Java classes that allow application 
logic to be embedded in HTTP request-response process. J2EE 1.3 requires: Servlet 2.3 
specification (fully supported by WebSphere 5.0) 

Java Server Pages (JSP) - HTML document, Embedded JSP specific tags, Inline Java 
Code, On the server, JSP Page is parsed and compiled into a Java Servlet. WebSphere 
5.0 fully supports JSP 1.2. 

EJBs - Server side components, run in a separate container, specifying scope of behavior, 
supports EJB 2.0. 
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Model, View, Controller 



Figure 4-13. Model, View, Controller IN234.0 

Notes: 
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HTTP Flow 



+ DNS Query 
♦ DNS Response 

+ SYN SEQ 
+ SYN ACK 
+ ACK 


♦ GET /file.html HTTP/1.0 


♦ HTTP/1.0 200 Doc... 


♦ FIN ACK 
♦ACK 


Figure 4-14. HTTP Flow IN234.0 

Notes: 

Each request can start a new logical connection 

Each connection supports a series of packet exchanges until the request is completed by a 
response 

The connection is normally dropped after the response 

No information is kept in the HTTP protocol after the single request/response 

Enterprise applications usually need to keep track of multiple requests. 
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Keeping State 


Start-Line 

Header 

CRLF 

Body 

In the URL: Transparent to user, HTML must be generated dynamically 

Start-Line 

Header 

CRLF 

i 2 a 

boa y , s ■« 

In a FORM tag: Transparent to user, HTML must be generated 
dynamically 

Start-Line 

Header 

CRLF 

Body 


In the Header: User is informed, must be supported by browser, stored 
locally, can be disabled(!) 


Figure 4-15. Keeping State IN234.0 

Notes: 

Cookies are most commonly used with two techniques in general usage: 

• Write the actual stored information in the cookie itself 

• Write an index value which identifies the information stored in the server. 

The second technique is more private but the server must manage the data. 


© Copyright IBM Corp. 1999, 2003 Unit 4. Design Using Assigned Patterns 4-21 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 






























Student Notebook 


WebSphere 5.0 



Tier-0 Web Browsers 


WebSphere Application Server Platform 


Runtime+Tools=Successful e-business applications 


Figure 4-16. WebSphere 5.0 IN234.0 

Notes: 

• J2EE 1.3 Compliance 

• EJB2.0, Servlet 2.3, JSP 1.2 

• Integrated, built-in JMS provider 

• Interoperable Naming Service 

• J2EE 1.3 Security: Java 2 Security, JAAS, Enhanced Pluggable Authentication 

• Extended Web Services Support 

• Enhanced SOAP support, Private UDDI Registry, and Web Services Gateway 

• New, more open, flexible administration model 

• Based on Java Management Extensions (JMX) 

• Provides improved failover capability and high availability 

• User interface enhancements and application management 

• Edge Components Integration 

• Extensions: beyond the standard programming model 
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New Terminology 


■Managed Process or Server 

- Each server running in its own JVM 

•Application Servers 
•JMS Server 
•Node Agent 

- Resides on a single node (physical machine) 

- Manages the servers running on the node 
■Deployment Manager 

- Manages the multiple nodes in a 
distributed topology 

•Cell 

- Network of multiple nodes in a 
single logical administration 
domain 




/ A 


|XML 1 

Config 1 

App Server App Server App Server 

rXML [ IxML | fxML 

Config | In** "'1 Config 1 ~| Config 



ns 

CH 


Figure 4-17. New Terminology IN234.0 

Notes: 

Before we discuss the details of packaging, it's important to understand some fundamental 
administrative concepts. 

By Managed Process or Server we mean any instance of a JVM that can be managed in a 
WebSphere V5 environment. Application Servers are managed processes, but also JMS 
Servers (a special type of server that runs the integrated JMS infrastructure) falls in this 
category too. Other examples of managed serves are the Node Agent and the Deployment 
Manager, which are discussed later in this chart. 

The Node Agent is responsible for controlling with all the remaining servers running on a 
certain box. Most likely, you will be running a single node agent on a certain physical 
system, although it is conceivable that on some very high-end systems multiple node 
agents may be concurrently up and running 

A network of related node agents makes a Cell. A Cell is very similar to the concept of 
domain we had in the previous versions of WebSphere. 
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In a Cell, there is going to be a single Deployment Manager - and although you may be 
inclined to think that this process is equivalent to the Administrative Server of previous 
releases, this is NOT the case here. The Deployment Manager main purpose is to allow an 
administrator to manage the resources in the entire cell - in other words, it provides the 
ability to perform centralized administration in the cell. 
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WAS 5.0: Packaging Modules 




Deployment 

Manager 

- Admin 

- Clustering 



Extensions (future) 



Network Deployment 


These modules will be combined in different product packaging configurations 


Figure 4-18. WAS 5.0: Packaging Modules IN234.0 

Notes: 

In the Version 5 timeframe, WebSphere development is going to provide four separate 
deliverables - these deliverables can be combined together to provide a variety of 
marketable product packages. 

The base App Server includes the code for the Version 5 Application Server - providing full 
J2EE 1.3 compliance. It also includes the code for the Node Agent, which will be dormant if 
used in a single server environment. 

The Network Deployment deliverable includes the Deployment Manager. This is the 
deliverable that enables customers to create a cell and have multiple processes, multiple 
systems, clusters, and so forth in a single cell. 

The Enterprise deliverable includes a number of functional extensions that are primarily 
targeted at supporting sophisticated application functions - that go beyond the scope of the 
standard specifications. 
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In the future, we are also going to make available a deliverable that will be focused on 
extending the quality of service of the base product, for example, by providing more 
sophisticated workload management or failover functions. 
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WAS 5.0 Packaging Scenarios 


Deploymeri 
t Manager 
- Admin 

App 

Ser Clustering 




Version 5 




Application Server 
Network Deployment, 
Version 5 





Version 5 


Figure 4-19. WAS 5.0 Packaging Scenarios IN234.0 

Notes: 

Let's focus on three of the four packaging options that are available to the WebSphere 5.0 
customers. The first one, WebSphere Application Server Express is meant for the quick 
migration of Web servers to the WebSphere environment and support only Servlets and 
JSPs. The other three fully implement the J2EE structure. 

WebSphere Application Server, Version 5 includes the code and the license for a single 
application server. Conceptually, this packaging configuration is equivalent to the 
WebSphere Application Server, Single Server Edition we have in Version 4 - the node 
agent that is shipped in this configuration is not going to be utilized, until the customer 
upgrades to the next level, the Network Deployment configuration. 

WebSphere Application Server, Network Deployment V5 includes the base application 
server, the Node Agent and the Deployment Manager. This configuration enables 
customers to run multiple application servers, on a single physical node or on multiple 
distributed systems, and to centrally administer the Cell. 
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The WebSphere Application Server Enterprise V5 includes support for some high-end 
application functions such as workflow, extended transactions, business rules beans, and 
so on. Technically, it can run on the base server or in a Network Deployment configuration. 
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Development and Deployment Process 



Figure 4-20. Development and Deployment Process IN234.0 


Notes: 

The WebSphere Studio products and the WebSphere Application Server runtime are 
specifically designed for a seamless integration. 

On the top of the chart you can see that you can develop a J2EE Enterprise App and test it 
right inside of the Studio product, where you'll find an integrated test environment which is 
identical to the externally available product - once testing is complete, the application (EAR 
file) can be installed directly on the runtime - or it can be exported and distributed to be 
installed at a later time. 

The same processes are available to the enterprise developer and customers. WebSphere 
Studio Application Developer Integration Edition is the product that integrates a WAS 
Enterprise test environment. 
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Base Application Server 


•Single Server (similar to 4.0 AEs) 
•Configuration files in XML 
•J2EE 1.3 Compliant 
•Web Services 
•Application Assembly Tool 
•Admin client programs are used to modify 
configuration settings 
-Web Based Admin (WebConsole) 
-WebSphere Scripting (Wsadmin) 




Single Server 


Figure 4-21. Base Application Server IN234.0 

Notes: 

WebSphere Application Server resides on a single node. That is, each machine holds a 
separate installation of the product that is unaware of installations on other machines. The 
configuration files are in XML 

In the Base Application Server, the node agent code is there. The server.xml for the node 
agent is created when addNode is done - Basically the node agent is not configured for a 
Base Application server environment 

WebSphere Application Server Network Deployment provides centralized administration of 
multiple nodes, allowing you to administer nodes on multiple machines. 
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Distributed Administration 


•Distributed Administration requires WebSphere Network Deployment 

to be installed 

•Terminology 

- Managed Process - individual server or process like Application 
Server or JMS Server 

- Node - Consists of a set of Managed processes, managed via a 
Node Agent 

- Cell - Aggregation of Nodes. A Deployment Manager on the Cell 
controls and communicates with all the Node Agents. 



Notes: 

Network Deployment allows you to manage multiple WebSphere Application Server, 
Version 5 nodes from a single, central location. You can install Network Deployment on any 
machine in the network to create a network deployment manager cell. The machine on 
which you install Network Deployment does not require WebSphere Application Server, 
Version 5 to be installed. Once you have installed and started the network deployment 
instance, you can use the addNode tool provided with WebSphere Application Server, 
Version 5 to add a WebSphere Application Server, Version 5 instance (node) to the network 
deployment cell. Once a node has been added to a network deployment cell, the network 
deployment manager for the cell assumes responsibility for the configuration of any 
application server nodes that belong to the cell. The network deployment manager creates 
configuration files for each WebSphere Application Server node which has been added to 
its cell. 

A node is a set of managed servers on a physical machine in a topology composed of one 
or more machines. A node contains a WebSphere Application Server installation. A 
managed server is a single WebSphere Application Server JVM instance, running in its 
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own process. A node cannot span multiple machines, but a machine can have multiple 
nodes, each with multiple managed servers. 
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Configuration / Application Data 



Figure 4-23. Configuration / Application Data IN234.0 

Notes: 

Configuration files - Each managed process, Node Agent, Deployment Manager starts with 
its own configuration file. 

Cell Contains the MASTER configuration and application files. 

Any changes made at node agent or server level are local and will be overridden by the 
MASTER configuration at the next synchronization (update). 

Each process has all the data (both, configuration and application) to start itself. 

The configuration data is in XML files, and the application data in EARs. 

In the WAS Network Deployment environment, you can have the admin client attach to any 
process (Deployment Manager, Node Agent or individual servers) to make changes to the 
configuration. For changes to be permanent, it should be done at the Deployment manager 
level - it contains the master repository. Individual nodes and servers synchronize the files 
with the master config data. 

Config changes made by connecting to a the Node Agent or Server is temporary until the 
next File synchronization pushes the master config data from the cell. 
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Deployment Manager checks in/out the configuration files from the config repository. 

Node Agents request the changes from the Deployment Manager for any new configuration 
changes. 
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Configuration/Application Data 


•Administration points within a Cell - 

- Deployment Manager - manage everything under the cell - 
recommended 

- Node Agent - manage everything under the node, not the cell 

- Managed Process - manage the server process configuration, not 
the node or the cell 

- Can have the Admin client attach to any of the above process 

•Deployment Manager contains the MASTER copy of the 
configuration/application files 

-Admin Client programs are used to modify configuration settings 

- Individual nodes and servers synchronize the files with the master 
configuration files (repository) 

- Only changes made at the cell level are permanent 

- Configuration changes made at the Node Agent or Server level are 
temporary 

•At next data update time, the master data is pushed down to the 
Nodes 

- Deployment Manager checks in/out the configuration files from the 
master repository 

•Node Agent receives updates of configuration/application data from 
Deployment Manager at each file synchronization 


Figure 4-24. Configuration/Application Data IN234.0 

Notes: 

A cell retains master configuration files for each server in each node in the cell. Each node 
and server also have their own local configuration files. Changes to a local node or server 
configuration file are temporary, if the server belongs to the cell. While in effect, local 
changes override cell configurations. Changes at the cell level to server and node 
configuration files are permanent. Synchronization occurs at designated events, such as 
when a server starts. 
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WebSphere 5.0 Admin Console Overview 


•Browser-based Admin Console was introduced in the 
WebSphere 4.0 AEs 

•In WAS 5.0, Browser based Admin Console is expanded to 
manage entire Cell. 

•Admin Console is standard J2EE 1.3 Web application 
-The Admin Web Application loads, edits and updates the 
configuration (XML) files. 

•Supported Browser: 

-Microsoft Internet Explorer 5.0, 5.5, 6.0 (or later) 
-Netscape Navigator 4.7.x (varies by platform) 


Figure 4-25. WebSphere 5.0 Admin Console Overview IN234.0 

Notes: 

The WebSphere administrative console is a graphical, Web-based tool that you use to 
manage the IBM WebSphere Application Server administrative server. The administrative 
console supports a full range of product administrative activities. 

WebSphere release 5.0 Administrative Web application build upon the Admin Web 
application architecture and functions which were introduced in the WebSphere 4.0 AEd/s 
offerings. In the 4.0 time frame, the scope of the Administrative Web application was 
designed to accommodate the requirements necessary to support the configuration 
capabilities for a single WebSphere Domain, Node, and Application Server, while 
transitioning over to a new XML-based configuration architecture. 

Netscape 6.1 Browser is not supported, but is expected to work. 
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How Does It Work? 


•The Admin Web Application runs within an Application Server 
instance on a node. 

•Browser access the Admin Web Application 
-Perform configuration/operational changes 
-http://localhost:9090/admin 



Stand-alone Single Server 


Figure 4-26. How Does It Work? IN234.0 

Notes: 
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Admin Console in a Multinode Topology 



■ In a complex deployment, the Admin Web Application may be configured on a 
standalone Application Server. Any changes made are local 


Figure 4-27. Admin Console in a Multinode Topology IN234.0 

Notes: 


4-38 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


















































Student Notebook 


WebSphere 5.0 Administrative Console 


3 http://localhost:9080/admin/secure/logon.do - Microsoft Internet Explorer 


JDJXI 


File Edit View Favorites lools Help 



BaseApplicationServerCell 

El Console Management 
El Environment 
El Servers 
El Applications 
B Resources 
B JMS 

Manage Generic JMS 

Manage MQSeries 

Manage WebSphere 


The items in your configuration that 
master repository configuration whel 
B View items with changes 


View the items that will 
be updated with the 
save operation 


Changed Items 



cellsJ8aseApplicationServerCell/hodesfriya2A'esources.xml 

Updated 

Save Discard 

Cancel 


WebSphere Status < Previous Next > May 29,200211:23:57 AM CDT O 



Status Messages 
Area 



Figure 4-28. WebSphere 5.0 Administrative Console 


IN234.0 


Notes: 

The WebSphere administrative console is a graphical, Web-based tool that you use to 
manage the IBM WebSphere Application Server administrative server. The administrative 
console supports a full range of product administrative activities. 

The console has these main areas: 

• The taskbar 

• The cell tree view 

• The workspace 

• The status messages area 

You can resize these areas as desired. 

The taskbar 

The taskbar provides a way for you to return to the console Home page, to save changes 
that you have made to administrative configurations, to access product information and to 
log out of the console. 

The cell tree view 
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You use the tree view on the left side of the console to survey, select, and manage 
components in a WebSphere administrative cell. 

The workspace 

The console workspace provides links to pages that provide step-by-step instructions on 
installing application, updating applications, and creating application servers. The console 
also provides a search function for locating and viewing resource objects and some 
information about adjusting the console to meet your needs. 

The status messages area 

The messages area at the bottom of the console lists messages returned by the 
WebSphere Administrative Server as well as messages about events such as successful 
completion and fatal errors. 

You can customize the contents of the message list and limit the message log size in the 
Preferences settings. 

Hide Field and Page Description: 

Additionally, you can select whether information on console pages and fields within console 
pages is shown using the Hide Field and Page Descriptions toggle. Icons on the right-hand 
side of the taskbar provide the toggle. 
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Configuration Repository 


•Configuration data for WebSphere 5.0 are XML documents 
•There are three tiers: cell, node, server 
•Each directory contains several documents related to 
different parts of the system. For example: 

-The node level directory typically contain documents 
that define: 

•Resources available on the node (resources.xml) 
•Variable substitution values to use for processes on 
that node (variables.xml) 

•Admin client programs are used to modify configuration 
settings: 

-Web-Based Admin (Console) 

-WebSphere Scripting (Wsadmin) 


Figure 4-29. Configuration Repository IN234.0 

Notes: 

WebSphere Application Server stores configuration data for in several documents in a 
cascading hierarchy of directories (Arranged in a set of cascading directories under 
<was_root>/config directory.) Most configuration documents have XML content. You can 
use one of the administrative tools (console, wsadmin, Java APIs) to modify configuration 
documents or edit them directly. It is preferable to use the administrative console because it 
validates any changes that you make to configurations. 
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Application Management: Tools 


•Assembly Tools 

-Application Assembly Tool (AAT) 
-Eclipse based AAT 
-WebSphere Studio Family of Products 
•Enterprise Application Management Tools 
-Browser based Admin Console 
-Command line tools 


Single Server 




Figure 4-30. Application Management: Tools IN234.0 

Notes: 

Browser-based admin console is struts based. 

Application Assembly Tool (AAT) is updated with support for J2EE 1.3 and usability 
enhancements. 

Eclipse base AAT plugin will be made available during GA time as a technology preview 

WebSphere Studio Family of Products - Full IDE for developing and unit testing J2EE 
Enterprise applications 

Enterprise Application Management Tools: 

• Browser based Admin Console. For WAS standalone, attach the browser directly to the 
Application Server. For multinode topology, attach the browser to the Cell’s deployment 
manager. 

• Command line tools: WSAdmin provides command line script support for 
administration. It uses JMX to connect to the server to execute administrative tasks. 
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Plug-ins 



Figure 4-31. Plug-ins IN234.0 

Notes: 

Defining transports in the WAS configuration sets up the configuration information for the 
plug-in component installed at the HTTP server. The information is passed through the 
plugin-cfg.xml file placed on the file system of the HTTP server. 

The port number and host name of the imbedded server process in the Web Application 
Server identifies the target for the incoming request from the browser. 

After changing the application server configuration, the XML will need to be regenerated 
and moved to the HTTP server. Failure to regenerate usually results in a 404 File Not 
Found error. 

Reference: Best Practice: WebSphere Plug-in Configuration Regeneration 
www7b.boulder.ibm.com/webapp/dd/transform.wss?URL=/wsdd/library/bestpractices/plug 
in 
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WebSphere 5.0: Summary 



Tier-0 Web Browsers 


WebSphere Application Server Platform 


Runtime+Tools=Successful e-business applications 


Figure 4-32. WebSphere 5.0: Summary IN234.0 

Notes: 

WebSphere Application Server version 5 addresses all of the in demand industry 
requirements: 

• It provides a standard, scalable transaction engine through the base app server, where 
the core business processes are executed. 

• It provides a variety of options for integrating diverse client technologies and B2B 
interactions. 

• It provides a variety of leading edge functions that allows customers to enhance and 
complement the core transactional processes with micro- and macro-workflow 
functionality, job scheduling, messaging patterns, and other advanced features. 

• It is part of an overall portfolio of products that include the WebSphere Studio family, 
where tooling and run time are specifically designed to work seamlessly together and to 
support all the aspects of the complex lifecycle of modern applications. 
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Exercise 2 - Building a Design Using Assigned Patterns 


•Introduction to case study 
-Driver review 
-Example solution slides 
•Read the exercise materials 
-Background resources as necessary 
-Case study drivers and scenario 
-Requirements statements and priorities. 
•Create design on transparencies 
-Solution Overview 
-Static view 

-Dynamic trace of specific use case 
-Run-time pattern with product application 
-List of resources to accomplish project 
•Present designs. 

•Evaluate designs 


Figure 4-33. Exercise 2 - Building a design using assigned patterns IN234.0 

Notes: 

A short overview of the business scenario and drivers will be presented by the instructor. 
Then student teams will have a longer time to read and review materials before creating the 
required slides for the exercise. Each team will then be given a short time to present the 
design and answer questions from the floor. 
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Exercise 2 - Phase 2 


•Evaluate designs 

-Assess designs relative to the business and IT drivers 
-Fill in assessment table 
-Discuss tradeoff decisions 


Figure 4-34. Exercise 2 - Phase 2 IN234.0 

Notes: 

In the second phase of the exercise, teams will assess the presented solutions, comparing 
the designs to the requirements of the case and rating them using the evaluation criteria 
and rating scheme. 


4-46 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 






Student Notebook 


Existing System at Friendly Foods 




Figure 4-35. Existing System at Friendly Foods IN234.0 

Notes: 


© Copyright IBM Corp. 1999, 2003 Unit 4. Design Using Assigned Patterns 4-47 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




















Student Notebook 


Existing System at Decorator’s Delight 



6-12 CSRs 

# Seasonally Adjusted 



Application 

Database 




Windows NT Server 300 Items in 

w/ SQL Server DB DB 


Figure 4-36. Existing System at Decorator’s Delight IN234.0 

Notes: 

All current sales are through the catalog. 99% of these are phone orders with a few paper 
orders through the mail. All communications out to customers are through postcards, for 
backorders and cancelled orders. 
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Drivers at FF 


•Functional Requirements. 
•Non functional requirements 
•Prudent investment 


Figure 4-37. Drivers at FF IN234.0 

Notes: 

FF has particular needs for what an application must do. They also have specific needs for 
system-wide standards and infrastructure. 
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Begin Exercise 2 



Figure 4-38. Begin Exercise 2 IN234.0 

Notes: 
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Unit 5. Selecting Patterns 

What This Unit Is About 

This unit enables a student to determine which patterns are 
appropriate for certain drivers (business and/or IT). 

What You Should Be Able to Do 

After completing this unit, you should be able to: 

• Differentiate between usage of basic patterns and composite 
patterns 

• Explain the common service elements of e business patterns 

• Interpret more complex scenario descriptions listing business and 
IT drivers 

• Select Extended enterprise, Self-service, or Access integration 
business patterns by: 

- IT drivers 

- Business drivers 

- Technology differentiators 

• Differentiate between components when used in basic or 
composite patterns 

• Create a pattern selection document using provided templates 


How You Will Check Your Progress 

Accountability: 

• Case Study exercise 


References 


ISBN 1-931182-02-7 

Patterns for e-business: A Strategy for Reuse 

http://www- 106 .ibm.com/developerworks/patterns/ 

Patterns for e-business 
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Design with 
Patterns 


e-business 


Welcome to: 


Unit 5. Selecting Patterns 



Figure 5-1. Unit 5. Selecting Patterns 


IN234.0 


Notes: 
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5.1 Selecting Patterns 
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Unit Objectives 


After completing this unit, you should be able to: 
•Discuss Extended Enterprise Patterns 
•Discuss Access Integration Patterns 
•Explain JDBC, connectors and data sources 
•Describe how WebSphere supports data sources 
•Discuss role of LDAP products in e-business 


Figure 5-2. Unit Objectives IN234.0 

Notes: 
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Extended Enterprise Patterns 


•Extended Enterprise business patterns address the 
interaction and collaboration between business processes in 
separate enterprises. 

•Also known as Business-to-Business or B2B 
•This business pattern can be observed in solutions that 
implement programmatic interface to connect interenterprise 
applications. 

•This does not cover applications that are directly invoked 
through a user interface by business partners. Those are 
covered under Self-Service. 


Figure 5-3. Extended Enterprise Patterns IN234.0 

Notes: 
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Business and IT Drivers 


•The business process needs to be integrated with existing 
business systems and information. 

•The business processes need to integrate with processes 
and information that exist at partner organizations. 


Figure 5-4. Business and IT Drivers IN234.0 

Notes: 

Consider an online travel agency that enables customers to make travel arrangements. 

Customers can choose from a wide variety of accommodation options including resorts, 
hotel chains, and small bed and breakfast establishments. 

The travel agency requires that all participating major business partners such as resorts 
and hotel chains provide programmatic interfaces that can be invoked in real-time for 
checking room availability and making reservations. 

This is a classic example of business-to-business programmatic integration. 
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Business and IT Context 
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flow 


Figure 5-5. Business and IT Context IN234.0 

Notes: 

The general problem addressed by this pattern is illustrated above. 

Interactions between partners form a public process, or potentially multiple distinct public 
processes. Each of these must be integrated into the private business process flows 
implemented by each partner. 

This separation of public and private processes provides the benefit of flexibility and 
autonomy for the trading partners. 

Such integration might be as simple as passing data to a particular application, or as 
sophisticated as initiating or resuming a multi-step workflow involving several applications 
and user interactions. 

The golden rule of business to business integration is the less you know about the 
business partner’s private processes and the implementation details of their applications 
the better off you are. 

This allows for loose coupling between partner applications. 
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Such loose coupling enables organizations to evolve their applications without affecting 
business partner’s applications. 
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Challenges in B2B integration 


•Autonomy of software platforms 
•Heterogeneity in software platforms 
•Qualities of Service of the partner systems 
•Transactional state management, 

•Security 

•Non-repudiation 

•Cross-organizational design and testing 


Figure 5-6. Challenges in B2B integration IN234.0 

Notes: 

Corporations usually want to maintain autonomy of their internal business processes and 
technology from their trading partners in order to maintain flexibility to change trading 
partners or add new ones in the future. 

No common, shared, middleware can be assumed for distributed applications spanning 
organizational boundaries. 

Cannot assume the availability and performance of partner systems. As a result, 
asynchronicity must be built into B2B integration. 

ACID transaction model may not work, as a result may have to consider Compensating 
Transaction techniques to support long-running transactions. 

From a privacy and non-repudiation perspective, long-running and asynchronous 
transactions must be properly authenticated, authorized, and logged. Correlation of 
conversations must be maintained. 
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Designing and Testing across organizational boundary is a huge challenge. Early definition 
of integration standards, including message formats, message definition, protocol definition 
helps in this area. 

One can leverage the best practices from Application Integration area for Business to 
Business Integration. In fact the Application Patterns for Extended Enterprise heavily 
borrows from Process-Focused Application Integration. 

However, one needs to add additional capabilities to address the unique integration 
challenges of Extended Enterprise discussed above. 
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Application Patterns for Extended Enterprise 

Document Exchange Exposed Application 




Managed Public and Private Processes 



Figure 5-7. Application Patterns for Extended Enterprise IN234.0 

Notes: 
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Document Exchange Application Pattern 



Figure 5-8. Document Exchange Application Pattern IN234.0 

Notes: 

The Document Exchange application pattern helps to structure the batched electronic 
exchange of data using mutually agreed message formats. 

The primary business driver for choosing this application pattern is to increase the 
efficiency of interactions between enterprises. Instead of exchanging paper documents, 
this application pattern can be used to send and receive documents electronically. This 
eliminates the need for error-prone manual reentry of data. 

This is the ideal Application pattern to choose if your current business needs would be 
satisfied by the batched exchange of electronic documents. In other words, at present your 
business requirements don't call for direct invocation of a business partner’s systems in a 
real-time fashion. 

Use of EDI is a good example. 

Solution: 

The Partner tier represents a set of trading partner applications whose characteristics are 
unspecified. In other words, the technological implementation details of these systems are 
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not disclosed. However, trading partners mutually agree upon the message format and the 
means of exchanging these messages. 

The Translator tier retrieves such mutually agreed upon messages from a persistent buffer 
and decodes them into messages that can be used by the internal business processes of 
the receiving organization. Decoded messages are then stored in a Work in Progress data 
store. 

Limitation: 

Does not provide direct access to specific services provided by partner systems 
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Document Exchange: Run-time Pattern 
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Figure 5-9. Document Exchange: Run-time Pattern IN234.0 

Notes: 

Document Exchange: New Nodes Introduced 

VAN Mailbox: Users of a Value Added Network (VAN) send messages to and retrieve 
messages from a Mailbox. This service of the VAN holds messages until the receiver 
requests them. 

VAN access point: is a company's connection to the VAN and represents the networking 
endpoint of a VAN. 

EDI Translation Package: Converts EDI transaction sets (EDI messages) to and from flat 
files, into a usable format for an enterprise’s applications. The translator can read batches 
of messages from a VAN mail box and process them. More sophisticated translation 
packages convert the message to a request to a transaction processing system. 
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Exposed Application - Application Pattern 



Figure 5-10. Exposed Application - Application Pattern IN234.0 

Notes: 

The Exposed Application: application pattern helps to structure a system design that allows 
specific applications to be directly accessed by partner systems across organizational 
boundaries. 

Solution: 

The Exposed Application tier may represent a new application, a modified existing 
application, or an unmodified existing application. This tier is responsible for implementing 
the necessary business logic and access to business data. Since this tier is directly 
exposed across organizational boundaries it must implement or exploit the necessary 
security features such as authentication, authorization, confidentiality, integrity and logging 
for non-repudiation purposes. 

Typically asynchronous communication mechanism is recommended to minimize 
dependency on the availability and performance of applications outside the organizational 
boundary. This approach ensures that your application can continue to operate even if the 
trading partner application does not respond as agreed. 
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Asynchronous communication does not mean delayed response. It is the style of 
programming where you do not block one program from executing while it waits for the 
response. In other words referred to as non-blocking technique. This style also requires 
mechanism to handle responses when they arrive at a later time. Typically it is achieve by 
the use of Correlation Id. 

Typically leverages Virtual Private Networks (VPN) 

Limitation: 

Implies the use of a specific middleware by all the Trading Partners 
Exposes the API of backend systems to trading partners 

Can result in the prolifiration of several point-to-point hard to maintain connections with 
trading partners 
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Exposed Application: Run-time Pattern 
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Figure 5-11. Exposed Application: Run-time Pattern IN234.0 

Notes: 

Exposed Application: New Nodes Introduced 

VPN Endpoint: A Virtual Private Network (VPN) is an extension of an enterprise’s private 
intranet across the Internet or other public network. It creates a secure private itunnelT 
through the Internet to the other partner. Here, we show its access point behind the domain 
firewall, although you can also create configurations that access the VPN from within the 
DMZ. 

Queue Manager: Messages are sent to and received from queues that are managed by a 
queue manager. A queue manager provides a persistent message store and additional 
services including transaction support and routing of messages to the proper queue. The 
receiver of a message can be an adapter that transforms the message data into 
parameters to use on method or procedure calls to a non-queue-based application. 
Similarly, application adapters can convert information returned from a procedure or 
method call into a message, which is then sent back to the originator of the request 
message. 
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Exposed Business Services Application Pattern 
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Figure 5-12. Exposed Business Services Application Pattern IN234.0 

Notes: 

The Exposed Business Services application pattern structures a system design that 
exposes specific services that can be directly invoked by partner systems across 
organizational boundaries. 

This application pattern is ideal when there is need to hide the backend application details 
from trading partners to gain flexibility and improve maintainability. 

The Exposed Business Services tier receives requests from multiple partner systems and 
intelligently routes them to the appropriate backend applications. 

It is also responsible for breaking down compound requests into several, simpler requests 
and routing them to multiple backend systems. 

Finally, it is responsible for message transformation and managing different levels of 
security. In doing so, it typically uses a local read-only database to store routing, 
decomposition, recomposition, and transformation rules. 

The Exposed Business Services tier typically implements minimal business logic. The 
majority of the business logic is concentrated on the backend application tier. 
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As discussed before, asynchronous communication mechanism applies here as well. 
Typically uses Message Oriented Middleware over VPN 
Leverages the techniques from Application lntegration::Broker 
Benefits: 

Isolates the internal business processes and backend implementation details from the 
partner systems and vice versa. This loosely coupled architecture makes it easy to change, 
replace, or add backend applications without heavily affecting partner systems. 

This increases maintainability and reduces the total cost of ownership. 

Limitation: 

Implies the use of a specific middleware by all the Trading Partners 

Does not automatically support different agreements with different Trading Partners. 
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Exposed Business Services: Run-time Pattern 
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Figure 5-13. Exposed Business Services: Run-time Pattern IN234.0 

Notes: 
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Figure 5-14. BPM IN234.0 

Notes: 

The next two application patterns for Extended Enterprise exploit a key concept called 
Business Process Management (BPM) to varying degree of sophistication. 

BPM is the art of understanding, codifying, automating, and improving the way a company 
does business. 

Business logic and business rules are extracted from the business logic tier and are 
presented in a workflow-based environment, which shows graphically the different steps of 
a business process. 

At each node, business rules are used to select the next node and business logic is 
executed. 

The immediate consequence is that the application logic at each step is greatly simplified. 

This will be done at the workflow level, at the graphical user interface level that controls the 
business process and not in the application logic. 
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As a consequence, the business rules have become explicit, visible, and rapidly 
changeable. This allows a company to react more quickly to changes in the marketplace 
where it operates. 

BPM tools separate the WHAT from the HOW. 
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Managed Public Process Application Pattern 



Figure 5-15. Managed Public Process Application Pattern IN234.0 

Notes: 

The Managed Public Processes application pattern structures a system design that 
handles the management of shared business processes between business partners. 

This the first application pattern that begins what is termed as Business Process 
Management, and clearly separates the Public and Private process. 

It is typical for corporations to enter into special agreements with different business 
partners. In business-to-business electronic commerce, there is a need to agree not only 
on the traditional terms and conditions but also on IT issues such as: 

• Roles assumed by different parties 

• Valid sequences of requests 

• Electronic message formats 

• Communication protocols to be used 

• Security issues such as authentication, encryption, and non-repudiation 

• Service level agreements such as response time and availability 

• Error Handling Procedures 
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This combination of traditional and electronic agreements between trading partners is 
called Business Protocols. The primary reason for choosing this application pattern is to 
support different Business Protocols with different Trading Partners. This provides greater 
flexibility. 

The application patterns discussed thus far imposed certain common middleware on 
trading partners. From an IT perspective, the primary reason to choose this application 
pattern is to choose a design that does not impose only one particular middleware on 
trading partners, but instead provides flexibility to support multiple transportation protocols. 

Solution: 

The Public Process Rules tier receives requests from multiple business partners. It is 
responsible for ensuring that the agreed upon business protocols with all these partners 
are satisfied. 

It maps the external communication protocols into internal communication 
protocols before forwarding the request to the Backend Application tier. For example, an 
agreement with a particular business partner may require receiving requests using secure 
HTTPS protocol. Such a request may need to be converted into a MQSeries message 
before passing it over to the Backend Application tier. 

In addition, it is responsible for implementing the necessary security features such as 
authentication, authorization, encryption, message integrity, and non-repudiation. These 
security checks are much more important in this Application pattern compared to the earlier 
ones, because this Application pattern allows for receiving requests over the public 
Internet. 

Finally, this tier is also responsible for sending the required response back. In doing, so it 
typically relies on the response received from the Backend Application tier. A single Public 
Process Rules tier can be used to support multiple partners each employing different 
business protocols. 

SOAP over HTTP/S is often used as the basic middleware neutral protocol. 

For more flexibility, often other protocols are supported by the "Public Process Rules" tier. 
Benefits: 

The Public Process Rules tier completely isolates the internal systems and business 
processes from the external parties. Hence it ensures that each party maintains complete 
independence from the other party both as to the IT infrastructure and the nature of the 
business processes resulting in a highly flexible architecture. 

Limitation: 

This Application pattern can exploit universally accepted communication protocols such as 
HTTP and SMTP for integration between partners. However unlike MOM technologies 
such as MQSeries these protocols do not guarantee reliable message delivery. 

Even though this Application pattern can handle special agreements with different business 
partners and can ensure each party can maintain complete independence in terms of IT 
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infrastructure, backend applications, and business process, it cannot map long running 
external transactions to internal business processes and workflow. 
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Figure 5-16. MPP Run-time Pattern IN234.0 

Notes: 

Managed Public Process: New Nodes Introduced 

Proxy Node: In this topology, the proxy node runs inside the demilitarized zone where it 
acts as a security and routing gateway to the enterprise network. The B2B Integration Node 
can support multiple modes of communication with trading partners using differing security 
topologies. 

B2B Integration Node: The B2B integration node runs inside the domain firewall. It 
oversees the interactions between the trading partners based on a predefined public 
process. An example is a RosettaNet PIP which comprises a message interaction 
specification and an implementation framework, RNIF, governing message formats and 
protocols. 
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Managed Public and Private Process Application Pattern 
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Figure 5-17. Managed Public and Private Process Application Pattern IN234.0 

Notes: 

Managed Public and Private Processes application pattern structures a system design that 
handles different business protocols with different business partners and maps long 
running external transactions to internal business processes and workflow. 

It supports the key Business Protocol management techniques introduced by the earlier 
Application Pattern. 

Furthermore, this Application pattern accommodates long-running transactions across 
organizational boundaries. Dan and Parr observed that transactions spanning multiple 
independent organizations have different characteristics compared to traditional ACID 
transactions executed inside a single organizational boundary. They are typically 
composed of many related interactions dispersed in time resulting in long running 
conversations. Such long-running conversations are particularly important since very little 
can be assumed about the target execution environment, response time, network 
availability, and the need for human intervention to complete the request. This results in the 
need to map such long-running external transactions to internal business processes and 
workflows. 
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Solution: 

The Public Process Rules tier receives requests from multiple business partners. It is 
responsible for ensuring that the agreed upon business protocols with all these partners 
are satisfied. In doing so, it implements all the features described under the Managed 
Public Processes application pattern with one exception. Instead of passing external 
requests to the Backend Application tier directly, it passes them to the Private Process 
Rules tier. 

The Private Process Rules tier is responsible for mapping external long running 
transactions to internal business processes and workflows. To manage workflows 
efficiently, it combines the activities of a process, all the people in the organization, and the 
infrastructure such as computers and programs. In other words, it maintains the status of 
the long running transaction and moves work from one resource to the other based on the 
internal business process. Resources in this context refer to people in the organization and 
the business applications. 

Benefits: 

Further enhances the separation of Private and Public processes and IT infrastructure 
Supports long-running transactions. 

Separates workflow information from applications and hence provides sophisticated 
support for Business Process Management. 
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Figure 5-18. MPPP Run-time Pattern IN234.0 

Notes: 

Managed Public and Private Process: New Nodes Introduced 

Business Flow Manager: The Business Flow Manager controls the invocation and 
interaction of the applications implementing a (major) task in the B2B workflow. In some 
cases, it simply is the business application, interpreting messages and invoking the 
appropriate back end system services, potentially through a message router. In more 
sophisticated implementations, XML scripting might be used to knit together the various 
application components needed to complete the a task and allow easy extension and 
modification of this micro workflow implementing the current business process step. 

Workflow Manager: provides model-driven business process automation and tracking, 
involving systems or systems and people. These processes can span multiple applications 
and organizational boundaries. A workflow manager maintains state and tracks sequencing 
through the business process to guide what the application or user does with a message as 
it arrives. 
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Access Integration 


Pervasive Device Access 


Web Single Sign-On 



Extended Single Sign-On 


Personalized Delivery 



Figure 5-19. Access Integration IN234.0 

Notes: 

Access Integration patterns are useful when: 

• Users need access to multiple applications and information sources via a single sign-on 
and application independent security context. 

• Applications need to be accessible via multiple device types, including fat clients, 
browsers, voice response units, mobile devices, and PDAs 

• There is a requirement to provide a common look and feel to a collection of applications 
or to aggregate result sets from discrete applications in a business process. 

• The user wishes to customize the choice of applications and how they are presented. 

• The business wishes to target information and applications to a specific user or group. 
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Common Services in Access Integration 


•Presentation 
•Personalization 
•Security and Administration 
•Device Support 


Figure 5-20. Common Services in Access Integration IN234.0 

Notes: 

The Presentation service is the foundation for a universal desktop for all the Web-based 
applications of an enterprise. It provides a common look and feel and language 
transparency across multiple applications. 

Presentation: The best practice here is to separate the content from the presentation style. 

One could leverage technologies such ass Cascading Style Sheets (CSS) to establish 
the organization wide presentation styles, which can be applied to all the static and 
dynamic content served by different applications supported by the organization. 

For a more sophisticated separation of content and presentation styles, one could use 
technologies such as XML/XSL. Here, content is described XML documents and the 
presentation style is expressed using one or more XSL-based style sheets. This separation 
enables the same content to be presented differently to different users by merely applying 
a different style sheet without any changes to the content. 

Personalization: The Personalization service provides a number of approaches that allow 
users or the enterprise to shape the choice, style and format of their selected applications. 
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Personalization may be done at many levels: individual, group, role, and so on and it relies 
on other services, such as Presentation and Security. 

There are significant productivity benefits to be gained by allowing users to organize their 
preferred way of navigating to applications, interacting with applications and being provided 
with information feeds. In this way users get what they want rather than being overwhelmed 
by lots of information that they are not interested in. 

Conversely, the enterprise wants to find the most acceptable way to limit (disable) services 
based on their employee, customer or contractual profiles. 

In order to achieve these goals across multiple applications the high-level personalization 
logic must be externalized from individual applications. Such externalization enables easier 
integration with other applications in the future. 

Security and Administration: The Security and Administration service helps to structure a 
system design that allows users to access multiple applications and information sources 
with a single security model and through a single sign-on. 

The primary business driver for this service is to eliminate these user inconveniences while 
continuing to protect the security of enterprise data and applications. 

The best practice for achieving these requirements is to externalize both authentication and 
authorization services from individual applications into a single common Services and 
Administration node. This is often achieved by developing an enterprise-wide directory of 
users and their access permissions using technologies such as LDAP directories. The 
success of this service relies on the ability of individual applications to take advantage of an 
external authentication and authorization mechanism. 

The externalization of authentication and authorization mechanisms eliminates the need for 
the duplication of such functionality inside every application. In addition, it can facilitate 
enterprise-wide user administration instead of having to perform these activities at an 
individual application level. 

Device Support: The Device Support service enables users of a wide range of devices 
(such as clients that support graphical user interfaces, clients that support Internet 
browsers and pervasive devices) to access the same set of applications. 

From a business perspective this service increases the reach of the business applications. 
From an IT standpoint this service avoids having to modify the application to enable its use 
by additional types of devices. This allows for a single code base which enhances the 
organization’s ability to maintain the application and make changes to it. It also helps to 
reduce the total cost of ownership of the application. 

The best practice for achieving this is to externalize the device support services from the 
individual applications. This is accomplished by implementing a device support node that 
accepts data from existing applications in some common format (such as XML) and 
transforms it into a format that is compatible with the user’s device type through a process 
called transcoding. The data is then sent to the user device using a device and/or 
network-specific protocol. 
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The objective of the Access Integration Patterns is to externalize these common services 
from applications thus making them selectable by developers of integrated solutions. 

One or more of these Common Services are combined together by the Application Patterns 
for Access Integration 
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Pervasive Device Access Application Pattern 



Figure 5-21. Pervasive Device Access Application Pattern IN234.0 

Notes: 

The Pervasive Device Access application pattern brings a new tier into the architecture. 
This tier is responsible for the pervasive extensions to the original application. The function 
of this tier is to convert the HTML issued by the application presentation logic into a format 
appropriate for the pervasive device. In this way, this application pattern provides a 
structure for extending the reach of individual applications from browsers and fat clients to 
pervasive devices such as PDAs and mobile phones. 

This application pattern leverages two of the four common services discussed before: 

• Device Support 

• Security and Administration 

Key Business and IT Drivers: 

• Provide universal access to information and services 

• Time to Market 

• Reduce Total Cost of Ownership (TCO) 
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Quick time to market and TCO reduction are achieved by extending existing applications to 
support new devices 

Solution: 

The Pervasive Device Access tier receives requests from pervasive devices and converts 
them into the appropriate requests that can be understood by existing applications and 
converts the response from these existing applications into formats that can be rendered 
by the pervasive device. The rules that govern the transcoding from one format to the 
other are captured by the bn in the above diagram. This new tier supports the following 
functions: 

• Protocol conversion - for example, HTTP to WAP 

• Device Type Detection 

• Transcoding - Conversion from one format to the other - for example, HTML to WML 

• Page sub-setting 

• Content Subscription/Push 


© Copyright IBM Corp. 1999, 2003 Unit 5. Selecting Patterns 5-35 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


Pervasive Device Access Run-time Pattern 



Figure 5-22. Pervasive Device Access Run time Pattern IN234.0 

Notes: 

The run time pattern for Pervasive Device Access Introduces the Following New Nodes: 

Transcoding Proxy: is an intermediary server that transforms the content going through it. 
Different client types require different representations of the original content. The 
transcoding proxy transforms the content to a suitable format for the client. The transcoding 
proxy can be either a forward-proxy or a reverse-proxy. 

Voice Server: The voice server node has the responsibility of transforming the special voice 
application content to voice. Basically it is running numerous VoiceXML browsers, which 
are browsing the content from the server side, and handling the client interaction via the 
phone (voice synthesization, voice recognition). The voice server node connects to the 
servers in the DMZ using HTTP. On the client side, it has to be switched (using a gateway 
that handles the protocol conversion) to the phone network. 

Gateway nodes: switch between the different networks to establish communication 
between pervasive devices and the Web applications. This only means that the two parties 
can communicate with each other. It does not mean that they will understand each other. 
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Communicating and passing data between the two parties is one thing, but adapting the 
content and translating between different protocols is another. 
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Web Single Sign-On Application Pattern 
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Figure 5-23. Web Single Sign-On Application Pattern IN234.0 

Notes: 

The Web Single Sign-On application patterns provides a framework for seamless access to 
multiple Web applications through unified authentication services. 

This application patterns is appropriate where there is not need for the security context of 
the user to be propogated back to backend systems to execute the transaction. The Web 
application initiating the requests on the back-end systems are completely responsible for 
authentication and are treated as trusted applications. 

Key Business and IT Drivers: 

• Provide single sign on across multiple applications 

• Reduce Total Cost of Ownership (TCO) 

• Reduce user administration cost 

Solution: 

The Single Sign-On tier implements the Security and Administration service, which 
provides a seamless sign-on capability across multiple applications. This tier uses a user 
profile data store, which is primarily read-only. However, this data store can also be used in 


5-38 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 
























Student Notebook 


a read/write manner to keep track of the last sign-on, the number of invalid sign-on 
attempts, and so on. The SSO tier intercepts all sign-on requests, authenticates the user, 
and establishes a user credential upon successful authentication. Subsequently, if the user 
tries to access another application that also requires a sign-on, this service automatically 
passes the user credential on to that application. The target application recognizes the user 
credential established by the security service and uses it for authorization locally. As a 
result, users can sign on once to access all the applications integrated using this 
Application pattern. 

Guidelines: Providing SSO across custom built applications and third party packaged 
applications can be challenging especially if the chosen package does not support the use 
of an externalized directory (for example, LDAP) and authentication. As you evaluate third 
party packages it is important to ensure that they are capable of such integration. 
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Web Single Sign-On Run-time Patterns 
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Figure 5-24. Web Single Sign-On Run time Patterns IN234.0 

Notes: 

Two Types of Web Single Sign-On Runtime: 

• Homogenous Application Servers 

• Heterogeneous Application Servers 

What contributes choosing between these two types? 

• Where is the Credential Repository? 

• Where does Authentication take place? 

• Where does Authorization take place? 

• What form of Credentials does the Authorization system take? 

• What Application Server? 

The homogenous application server design above illustrates how one can exploit the 
application server's single sign-on functionality where all applications are implemented on 
the same application server. For example, WebSphere Application Server. 
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The benefits of this design are that it enables a simple, effective security model for 
applications built within the same application server environment. The disadvantage is that 
it does not support applications outside the application server domain. 
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Heterogeneous Application Servers 



Figure 5-25. Heterogeneous Application Servers IN234.0 

Notes: 

A Web tier with multiple different vendor application servers can only implement Single 
Sign-On with the deployment of a separate security server. The external security server 
provides an authentication proxy that intercepts requests to map or transform user 
credentials into the appropriate credential format for that application server. 

The benefits of this design are that it provides a unified, secure authentication model, and 
supports multiple vendors/platforms. 

WebSphere Commerce Suite is an example of an application that manages its own internal 
mechanism for authentication (form-based) and authorization (role-based). However, it is 
possible to establish trust relationships between WebSphere Commerce Suite and the 
larger enveloping domains of WebSphere Application Server and Secureway Policy 
Director by sharing a common user registry or by configuring Commerce Suite to accept an 
LTPA token as proof of authentication. In this configuration, WebSphere Commerce Suite 
will accept the user as an authenticated user. Its authorization service will remain in effect 
and determine permissions based on the user identity in the LTPA token. For more 
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information on this topic, see the IBM redbook LDAP Implementation Cookbook, 
SG24-5110. 
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Extended Single Sign-On Application Pattern 



Figure 5-26. Extended Single Sign-On Application Pattern IN234.0 

Notes: 

Extending the security context to include the back-end systems enables non-repudiation of 
backend system transactions. For solutions with strong privacy and/or audit requirements, 
this approach is needed. As shown in the figure below, these solutions will almost always 
require a centralized user administration model. Examples include financial services 
transactions and access to health care clinical document systems. 
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Extended SSO 



Figure 5-27. Extended SSO IN234.0 

Notes: 

Credential propagation takes one of two approaches: 

• Credential mapping, where the Web user identity is mapped to a user ID used to access 
the back-end system. 

• Credential transformation, where the Web user identity is forwarded to the back-end 
system but is transformed into the format acceptable to that system. 

The main benefit of a credential propagation design is that it allows for maximum flexibility 
and incorporation of non-compliant applications. Its disadvantages are that it introduces 
complexities related to credential management, and introduces requirements for additional 
error handling and transaction support at each application node. 
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Central Authorization Service 



Figure 5-28. Central Authorization Service IN234.0 

Notes: 

Another alternative for extending the security context to back-end systems is to allow the 
same security service that controls the Web tier to control the back-end applications. The 
security server provides the role-based authorization for controlling back-end resources. 

No credential mapping or transformation is required. The security context is preserved all 
the way through to the backend system. 

The benefits of this solution is that it simplifies user management across all applications, 
and unifies user profile information and reduces redundancy. Its main disadvantage is that 
it requires all applications to support the chosen security proxy and may require complex 
modification and migration. 
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Personalized Delivery Application Pattern 



Figure 5-29. Personalized Delivery Application Pattern IN234.0 

Notes: 

The Personalized Delivery application pattern provides a framework for giving access to 
applications and information tailored to the interests and roles of a specific user or group. 
This pattern extends basic user management by collecting rich profile data that can be kept 
current up to the user’s current session. Data collected can be related to application, 
business, personal, interaction, or access device-specific preferences. 

Key Business and IT Drivers: 

The primary business driver for choosing this Application pattern is to increase usability 
and improve the efficiency of Web applications by tailoring their presentation to the user’s 
role, interests, habits and/or preferences. 

Solution: 

The Personalization tier works in concert with the application or portal in question to tailor 
the application components and data presented to the user based on the desired approach 
(Participatory, Predictive, Prescriptive). Personalization services typically provide a 
centralized repository for user profile information related to preferences, access history, 
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and aggregate use statistics. The services also give developers the capability to define and 
store rules and filters, which can be used by applications to provide Personalized Delivery 
of content and applications. 

This tier implements the Personalization service for data/rule/preference storage and 
collection and the Security and Administration service to determine a user’s identity. 
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Figure 5-30. Personalized Delivery IN234.0 

Notes: 

Participatory: 

Enables the user to design the content and the layout of the content that they see by 
explicitly choosing from a selection of options. The personalization service stores the 
customization results in a profile record. 

Predictive: 

Uses an inference engine to personalize content based on the past history (click stream) of 
user (all users) behavior. The Inference engine may reference a user profile for 
demographic information to categorize users. 

Prescriptive: 

Provides a rules engine that delivers targeted content based on business rules defined by 
the enterprise. The personalization rules are based on data being requested by the user 
and the user's profile information. 
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Participatory Personalization 



Figure 5-31. Participatory Personalization IN234.0 

Notes: 

Participatory personalization allows the user to design the content and the layout of the 
content that they see by explicitly choosing from a selection of options. The personalization 
service stores the customization results in a profile record. 

The main benefit of a participatory personalization solution is that it allows users to modify 
the navigation and information presentation of their interface for maximum comfort and 
efficiency. Its disadvantages include that it can be difficult to encourage users to participate 
due to trust issues, and follow-up efforts to refresh user preferences may be perceived as 
intrusive. 
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Predictive Personalization 




Figure 5-32. Predictive Personalization IN234.0 

Notes: 

Predictive personalization uses an inference engine to personalize content based on the 
past history (click stream) of user (all users) behavior. The inference engine may reference 
a user profile for demographic information to categorize users. 

The benefits of a predictive personalization solution include: 

• Enables the enterprise to control access to applications and information while 
empowering users. 

• Enables the enterprise to make users aware of opportunities of which they may not 
otherwise be aware. 

• Enables the enterprise to monitor users’ behavior and habits automatically. 

The disadvantages to this solution include: 

• Personalization techniques can be perceived as intrusive. 

• Predictive technologies can be difficult to apply effectively without careful identification 
of goals and measurement. 

• Will likely require extensive analysis and preparation to be effective. 
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Prescriptive Personalization 



Figure 5-33. Prescriptive Personalization IN234.0 

Notes: 

Prescriptive personalization provides a rules engine that delivers targeted content based 
on business rules defined by the enterprise. The personalization rules are based on data 
being requested by the user and the user's profile information. 

The benefits of this solution are that it enables the enterprise to have fine-grained control 
over access to applications and data while improving users’ efficiency, and facilitate a 
better end-user experience. The main disadvantage is that proper implementation can be 
challenging if business rules are complex. 
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Combined Run-time Pattern: Web Single Sign-On and 
Prescriptive Personalization 




Figure 5-34. Combined Run-time Pattern: Web Single Sign-On and Prescriptive Personalization IN234.0 

Notes: 

An example of combined patterns. 
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A Portal Server Example 



Figure 5-35. A Portal Server Example IN234.0 

Notes: 

WebSphere Portal Server makes it easy to bring together the following common access 
integration services: 

• Presentation 

• Personalization 

• Security and Administration 
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J2EE Data 


•Data Concepts 
•JDBC 

•J2EE Connector Architecture 
•Container-managed persistence 


Figure 5-36. J2EE Data IN234.0 

Notes: 

We now turn our attention to the implementation layers for our patterns. Data access in the 
e-business arena is a matter of accessing data stores through software layers in our 
application servers. In the J2EE architecture, these layers can be drivers, connectors, data 
source definitions, and end points like RDBs, tables, programs like CICS, and so forth. 
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Data Access (JDBC and J2C) 



Figure 5-37. Data Access (JDBC and J2C) IN234.0 

Notes: 

The J2EE Connector architecture defines a standard architecture that enables the 
integration of various enterprise information systems (EIS) with application servers and 
enterprise applications. It defines a standard resource adapter used by a Java application 
to connect to an EIS. This resource adapter can plug into the application server and, 
through the Common Client Interface (CCI), provide connectivity between the EIS, the 
application server, and the enterprise application. 

The Enterprise JavaBeans (EJB) 2.0 architecture for container-managed persistence 
(CMP) provides a separation between the client view of a bean (as presented by its home 
and remote interfaces) and the entity bean instance (which provides the implementation of 
the client view). This separation enables you to change an entity bean independently from 
its clients. It also means that you can redeploy an entity bean across different persistence 
managers and different persistent data stores, without requiring the redefinition or 
recompilation of the entity bean class. 

The Bean Provider concentrates on the business logic of the object and defines the 
relationship through the abstract persistence schema; whereas the Persistence Manager is 
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responsible for providing the implementation of the persistent fields and relationships, as 
well as all data access to the underlying persistent store. To achieve this portability, the EJB 
2.0 data access model is based on the J2EE Connector Architecture (JCA) specification. 
This specification is different from the EJB 1 .x data access model that used the JDBC 
Connection Manager (CM) model from Version 4.0. 

The EJB 2.0 Persistence Resource Adapter model utilizes the JCA defined Resource 
Adapter to connect to various backend data stores without changing the persistence 
manager. JDBC applications that access relational databases using the JDBC API 
indirectly use a WebSphere Application Server Resource Adapter specifically designed to 
work with JDBC data sources. The product also enables any JCA compliant connector to 
plug in, enabling the application to access an EIS system. Users of data sources do not see 
any differences in the programming model from previous releases because of the 
underlying use of the JCA architecture. JDBC users still configure and use data sources 
according to the JDBC programming model. Note that some applications migrating from 
previous versions of the product can experience behavioral differences because of J2EE 
Version 1.3 requirements. 

WebSphere Application Server 5.0 provides support for the JDBC Connection Manager 
model from Version 4.0, enabling J2EE 1.2 applications to run unaltered. However, the EJB 
2.0 module within a J2EE 1.3 application cannot use the 4.0 JDBC Connection Manager. 
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CMP 

•Data statements not in Bean 
•New CMR 


Figure 5-38. CMP IN234.0 

Notes: 

The container automatically manages the state of CMP entity beans. This management 
includes synchronizing the state of the bean with the underlying database when necessary 
and also managing any relationships (CMRs) with other entity beans. The bean developer 
is relieved of writing any database specific code and, instead, can focus on business logic. 

Container-Managed Relationships (CMR) is one of the most significant new features added 
by the EJB 2.0 Specification. Like Inheritance, relationships are a key component of 
object-oriented software development and non- trivial object models can form complex 
networks with these relationships. The EJB 2.0 Specification adds relationships to the EJB 
programming model and requires that the container be responsible for their maintenance. 
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Security Concepts for WAS 


WebSphere Security Layers 



Figure 5-39. Security Concepts for WAS IN234.0 

Notes: 

Operating System Security - The security infrastructure of the underlying operating system 
provides certain security services to the WebSphere Security Application. This includes the 
file system security support to secure sensitive files in WebSphere product installation. The 
WebSphere system administrator can configure the product to obtain authentication 
information directly from the operating system user registry, for example the Windows NT 
system Security Access Manager (SAM). 

Network Security - The Network Security layers provides transport level authentication and 
message integrity and encryption. WebSphere Application Server inter-servers 
communications can be configured to use Secure Socket Layer (SSL) and HTTPS. 
Additionally IP Security and Virtual Private Network (VPN) may be used for added 
message protection. 

JVM 1.3.1 - The JVM security model provides a layer of security above the operating 
system layer. 

Java 2 Security - The Java 2 Security model offers fine grained access control to system 
resources including file system, system property, socket connection, threading, class 
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loading, and so forth. Application code must be explicitly grant the required permission in 
order to access a protected resource. 

CORBA Security - Any calls made among secure ORBs are invoked over the Common 
Security Inter operability Version 2 security protocol that sets up the security context and 
the necessary quality of protection. After the session is established, the call is passed up to 
the enterprise bean layer. WebSphere Application Server continue to support the Secure 
Association Service (SAS) security protocol which was used in prior releases of 
WebSphere Application Server and other IBM products for backward compatibility. 

J2EE Security - The security collaborator enforces J2EE based security policies and 
supports J2EE security APIs. 

WebSphere Security - WebSphere security enforces security policies and services in a 
unified manner on access to Web resources, enterprise beans, and JMX administrative 
resources. It consists of WebSphere security technologies and features to support the 
needs of a secure enterprise environment. 
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Security Infrastructure 



Figure 5-40. Security Infrastructure IN234.0 

Notes: 

The picture shows a typical multiple-tier business computing environment. Shown in the 
picture is a WebSphere Application Server Network Deployment (ND) installation. Note that 
there is a Node Agent instance on every computer node which is omitted in the picture. 
Each product application server consists of a Web container and an EJB container shown 
in the yellow shaded area and the administrative subsystem shown in red shaded area. 

The WebSphere Application Server deployment Manager contains only WebSphere 
administrative code and the administrative console application. Administrative console is a 
special J2EE Web Application that provides the GUI interface for performing administrative 
functions. WebSphere Application Server configuration data is stored in XML descriptor 
files. Those XML configuration files should be protected by operating system security. 
Passwords and other sensitive configuration data can be modified via administrative 
console. Hence, the administrative console Web application has setup data constraint 
which requires the administrative console servlets and JSP files to be accessed only 
through SSL connection when global security is enabled. 

Ref: Security section of WAS 5.0 InfoCenter 
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LDAP Server/Client Review 



Figure 5-41. LDAP Server/Client Review IN234.0 

Notes: 

Lightweight Directory Access Protocol (LDAP) is a user registry in which authentication is 
performed using an LDAP binding. WebSphere Application Server security provides and 
supports implementation for most major LDAP directory servers (LDAP servers) which can 
be used as the repository for user and group information. These LDAP servers are called 
by the product processes (servers) for authenticating a user and other security related 
tasks (for example, getting user or group information). This support is provided by using 
different user and group filters to obtain the user and group information. 

These filters have default values which can be modified to fit your needs. Also, the Custom 
LDAP feature enables one to use any other LDAP server (which is not in the product 
supported list of LDAP servers) for their user registry by using the appropriate filters. 
Supporting new LDAP servers using the Custom LDAP feature is left to the customer. In 
order to accomplish this one needs to understand how the filters are used by the product to 
obtain the user and group information. 

From the client’s point of view, any server that implements the LDAP protocol is an LDAP 
directory server, whether the server actually implements the directory or is a gateway to an 
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X.500 server. The directory that is accessed can be called an LDAP directory, whether the 
directory is implemented by a stand-alone LDAP server or by an X.500 server. 
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Exercise Introduction 



Figure 5-42. Exercise Introduction IN234.0 

Notes: 
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Unit 6. Building a Design Using Collaborative and 
Information Aggregation Patterns 

What This Unit Is About 

This unit enables students to create an e-business application design 
using Collaborative and Information Aggregation patterns. 

What You Should Be Able to Do 

After completing this unit, you should be able to: 

• Explain the Collaborative e-business patterns 

• Explain the Information Aggregation e-business patterns 

• Use these patterns in design activities 

• Discuss the usage of collaborative servers in the patterns 

• Interpret scenario descriptions and list business drivers 

• Associate business drivers to patterns 

• Select patterns by: 

- IT drivers 

- Business drivers 

- Technology differentiators 

• Create a pattern-based design using provided templates and 
simple notation conventions. 

How You Will Check Your Progress 

Accountability: 

• Case Study exercise 


References 

ISBN 1-931182-02-7 

Patterns for e-business: A Strategy for Reuse 

http://www- 106 .ibm.com/developerworks/patterns/ 

Patterns for e-business 
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Design with 
Patterns 


e-business 


Welcome to: 


Unit 6. Building a Design using 
Collaborative and Information Aggregation 

Patterns 



Figure 6-1. Unit 6. Building a Design using Collaborative and Information Aggregation Patterns IN234.0 

Notes: 
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6.1 Building a Design Using Collaborative and Information 
Aggregation Patterns 
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Unit Objectives 


After completing this unit, you should be able to: 

•Explain the Collaborative e-business patterns 

•Explain the Information Aggregation e-business patterns 

•Use these patterns in design activities 

•Discuss the usage of collaborative servers in the patterns 

•Interpret scenario descriptions and list business drivers 

•Associate business drivers to patterns 

•Select patterns by: 

-IT drivers 
-Business drivers 
-Technology differentiators 

•Create a pattern-based design using provided templates and 
simple notation conventions. 


Figure 6-2. Unit Objectives IN234.0 

Notes: 
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Business Patterns 


Business Patterns are the basic building blocks for solutions 



Figure 6-3. Business Patterns IN234.0 

Notes: 

Business patterns highlight the most commonly observed interactions between Users, 
Businesses, and Data. They are the fundamental building blocks of most e-business 
solutions, and describe the interaction between the participants in an e-business solution. 
The four Business patterns documented on the Patterns for e-business site are: 

Self-Service - Also known as the User-to-Business pattern, Self-Service addresses the 
general case of internal and external users interacting with enterprise transactions and 
data. 

Collaboration - Sometimes called User-to-User, the Collaboration business pattern 
addresses the interactions and collaborations between users. This pattern can be 
observed in solutions that support small or extended teams who need to work together in 
order to achieve a joint goal. 

Information Aggregation - The Information Aggregation business pattern, also known as 
User-to-Data, can be observed in e-business solutions that allow users to access and 
manipulate data that is aggregated from multiple sources. This Business pattern captures 
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the process of taking large volumes of data, text, images, video and so on and using tools 
to extract useful information from them. 

Extended Enterprise - The Extended Enterprise business pattern (aka 
Business-to-Business or B2B) addresses the interactions and collaborations between 
business processes in separate enterprises. This pattern can be observed in solutions that 
implement programmatic interfaces to connect inter-enterprise applications. 
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Collaboration Business Pattern 


•Interactions and collaborations between users 
-Small or extended teams 

•Application patterns: 

-Point-to-Point 
-Store and Retrieve 
-Directed Collaboration 
-Managed Collaboration 


Figure 6-4. Collaboration Business Pattern IN234.0 

Notes: 

The Collaboration business pattern, which is also known as the User-to-User or U2U 
pattern, enables interaction and collaboration between users. This pattern can be observed 
in solutions that support small or extended teams who need to work together in order to 
achieve a joint goal. 

Note: The Collaboration business pattern is documented to the Application pattern level 
only. Run-time patterns and product mappings are not yet provided for this Business 
pattern. However, in many cases, specific products that implement a given Application 
pattern are listed. 
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Business and IT Drivers 


IT Drivers 
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V 

Require workflow collaboration 




V 

Many users 


V 

V 

V 


Figure 6-5. Business and IT Drivers IN234.0 

Notes: 

Businesses developing a solution needing the following characteristics should consider 
using the Collaboration business pattern: 

The end users and customers need to directly interact with business processes. 

The business activity demands and fosters collaboration and the sharing of information 
among its participants. 
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Point-to-Point Application Pattern 



Figure 6-6. Point-to-Point Application Pattern IN234.0 

Notes: 

Point-to-Point 

This Application pattern (aka User-to-User Topology 1) allows users to directly address 
other users on the network using simple point-to-point synchronous communications, and 
then enables them to begin a direct communication link with them. 
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Store and Retrieve Application Pattern 



Figure 6-7. Store and Retrieve Application Pattern IN234.0 

Notes: 

Store and Retrieve 

This Application pattern (aka U2U Topology 2) allows users to collaborate with others on 
the network interactively. Unlike the Point-to-Point pattern, this pattern does not require 
both partners to be online at the same time. It also does not require the client to know the 
physical or direct address of other users of the solution. 
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Directed Collaboration Application Pattern 



Figure 6-8. Directed Collaboration Application Pattern IN234.0 

Notes: 

Directed Collaboration 

This Application pattern (aka U2U Topology 3) allows users to collaborate with others on 
the network interactively, requiring the two users to be online simultaneously and to register 
with a server prior to the collaboration. In this pattern all of the users are peers and there 
are no client-server or master-slave relationships between the tiers in the pattern. 
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Managed Collaboration Application Pattern 



Figure 6-9. Managed Collaboration Application Pattern IN234.0 

Notes: 

Managed Collaboration 

This Application pattern (aka U2U Topology 4) builds on the Peer-to-Peer Collaboration 
application pattern by implementing workflow rules to manage the collaboration between 
users of the solution. This Application pattern supports both synchronous and 
asynchronous collaboration. 
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Information Aggregation Business Pattern 


•Allows users to access and manipulate data that is 
aggregated from multiple sources 
-Business intelligence 

•Application patterns: 

-Population - Single Step 

-Population - Multi Step 

-Population - Crawling and Discovery 

-Population - Summarization 

-Information Access - Read Only (plus variations) 


Figure 6-10. Information Aggregation Business Pattern IN234.0 

Notes: 

The Information Aggregation business pattern, which is also known as the User to Data or 
U2D pattern, can be observed in e-business solutions that allow users to access and 
manipulate data that is aggregated from multiple sources. This Business pattern captures 
the process of taking large volumes of data, text, images, video, and so on, and using tools 
to extract useful information from them. These tools may personalize data to suit user 
preferences, distill summary information from large volumes of data, use algorithms to 
identify trends hidden in the data, or answer users' hypothetical what-if questions about 
potential business scenarios. 
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Business and IT Drivers 
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V 


Figure 6-11. Business and IT Drivers IN234.0 

Notes: 

Businesses developing a solution needing the following characteristics should consider 
using the Information Aggregation business pattern: 

The end users and customers need to directly interact with business processes and/or 
data. 

The business activity has a need to aggregate, organize, and present information from 
various sources within and outside of the organization. 
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Population Application Patterns (1 of 2) 

Population - Single Step Population - Multiple Step 

m 





Figure 6-12. Population Application Patterns -1 IN234.0 

Notes: 

Population - Single Step 

This Application pattern (aka U2D Topology 1) structures the population of a data-store 
with data that requires minimal transformation and restructuring.The Population - Single 
Step pattern is a simplistic solution design. 

Population - Multi Step 

This Application pattern (aka U2D Topology 2) structures the population of a data-store 
with structured data that requires extensive reconciliation, transformation, and 
restructuring.The Population - Multi Step pattern must be used in conjunction with one of 
the Runtime patterns from the Information Access - Read Only pattern to create a complete 
Information Aggregation solution. 
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Population Application Patterns (2 of 2) 


Population - Crawling and Discovery 


Population - Summarization 



Figure 6-13. Population Application Patterns - 2 IN234.0 

Notes: 

Population - Crawling and Discovery 

This Application pattern (aka U2D Topology 3) provides a structure for applications that 
retrieve and parse documents and create an index of relevant documents that match the 
specified selection criteria. 

Population - Summarization 

This Application pattern (aka U2D Topology 4) extends the capabilities provided by the 
Population - Crawl and Discover pattern by attaching summary information to index entries. 
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Population Run-time Patterns 


Outside world 


Internal Network 


I 

l 


Outside world 


Extract + 
(Transform) 



Source 

data 


l 



Population - Multiple Step: Variation 2 
DMZ or outside world to internal Population 


Figure 6-14. Population Run-time Patterns 


IN234.0 


Notes: 

The Population - Single Step application pattern is not documented with additional 
Run-time patterns or product mappings on the Patterns Web site. Because Single Step 
functionality is essentially a simplified version of the functionality found in the Population - 
Multi Step application pattern, its solution designs can be used as a basis for further 
understanding implementation details of the Population - Single Step application pattern. 

The Population - Multi Step application pattern depicts the three main functions, or stages, 
in data population: extract, transform, and load. The actual implementation of a business 
intelligence system can involve fewer or more discrete stages of data population. In such 
cases, the runtime pattern diagrams must be adjusted accordingly and consideration given 
to the placement of any additional nodes. 

The Run-time pattern and variations are generalized to cover any source to target data 
population. However, to understand the functionality required in each node (irrespective of 
its placement), we need to understand the roles being played by the source and target data 
stores and their relationships. The source might be the Business Data Warehouse (BDW) 
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and the target a data mart. Population functions for this scenario differ from those where 
the source is a Web mart and the target is an Operational Data Store (ODS). 

The population activities taking place in the first pattern above are as follows: The overall 
Population application first extracts and optionally transforms source data into intermediate 
data. Optionally, a Population application then transforms the intermediate data into further 
intermediate data. A Population application takes intermediate data (produced by either of 
the two previous steps) and optionally transforms and loads it into target data. The diagram 
explicitly shows that the process can be performed in two or three steps. The process can 
also be reduced to one step, where extract, transform, and load all occur in one process 
that directly produces target data. Furthermore, the mid-section of the diagram can be 
repeated as often as necessary to produce a multistep process. 

The source and target data exists as the contents of databases or as files. The 
intermediate data can be stored in files, message queues, or databases. 

When the target is placed in the Demilitarized Zone (DMZ) or outside world, additional 
focus is needed to ensure data arrives at its destination safely and securely, because the 
DMZ might not have security and systems management facilities as sophisticated as the 
internal network. When target data is in the outside world, such as on an Internet or 
extranet-connected workstation, pay close attention to issues of content security and 
confirmation of delivery within the Population application functionality because the Internet 
lacks such security. For additional security, you can cross the domain firewall manually. 

In the third variation, the source rather than the target is placed in the DMZ or outside 
world, and the data population process supports a feedback mechanism. Security is vital to 
avert the introduction of a virus or other threat into the internal environment. 

The Population - Crawling and Discovery application pattern and the Population - 
Summarization application pattern are new solution designs, and they are not documented 
to the Runtime pattern level. 
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Information Access Application Patterns 


Information Access - Read Only 



synchronous 

Primary 

synchronous 

Drill-through 

tier 


tier 


tier 



\ Write 


hssri, Write 

I only Population 
- data - application 
patterns 


Information Access - Read Only Information Access - Read Only 

Variation 1 (Limited User Update) Variation 2 (Extensive User Update) 



Figure 6-15. Information Access Application Patterns IN234.0 

Notes: 

Information Access - Read Only 

This Application pattern (aka U2D Topology 5) helps structure a system design that 
provides read-only access to aggregated information.The Information Access - Read Only 
application pattern must be used in conjunction with a data population mechanism to 
create a complete Information Aggregation solution. 

In the application pattern above, and in the variations that follow, functions to the right of 
the Application 1 node are optional and can be added to support drill-through. 

Variation 1 (Limited User Update) allows users to write data back to a local data store. A 
typical example would be saving the results of queries or of data manipulation. The data 
thus created is saved and not overwritten the next time data store is refreshed from its 
source. 

In Variation 2 (Extensive User Update) whenever the user makes a change to data, that 
change is checked. For updates of certain defined existing data elements, the change data 
is sent as a work item to an operational system. It then makes these changes by a 
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transaction. These changes are captured by the next write cycle. The changes flow through 
from the Population process and the next time the local data is overwritten, the mart 
contains the results of the changes. The most common example of this pattern design is 
the operational data store (ODS). 
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Information Access Run-time Patterns (1 of 2) 
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Figure 6-16. Information Access Run-time Patterns - (1 of 2) IN234.0 

Notes: 

The Information Access - Read Only application pattern can be implemented using any one 
of four Run-time pattern designs. These Run-time patterns begin with the most commonly 
used and usually simplest configuration and become progressively more complex. 

Because of the historical development of business intelligence methods, this section 
focuses first on use of applications by internal users and then by agents or suppliers of the 
company building the Bl application. Such users are identified, verified, and broadly trusted 
by the company, and are labeled as known. If and when the Bl functionality is made more 
broadly available, at its widest to any user, access typically becomes more restricted, as 
shown in later Run-time patterns. 

The information access functionality provided by each of the Run-time pattern designs 
must be combined with data population functionality for a complete Information 
Aggregation solution. 

The most common and simplest configuration places the Bl application in the internal 
network and provides the broadest range of possible functions to known users of the 
system. This configuration represents a number of the most common Bl implementations. 
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First is the case where a trusted user, such as an employee or agent, accesses the Bl 
Application Server using a LAN or other traditional connection. Many traditional Bl 
applications are constructed using a fat client approach, with substantial Bl function on the 
client. 

A second case where this design is applicable is when the application is being accessed by 
a known, trusted user such as a customer or supplier to a Bl application in the internal 
environment. In comparison to the second Runtime pattern depicted below, the data can be 
more up-to-date and more sensitive because it is now in a more secure environment. 
However, there may be security concerns about giving external users access to the internal 
network. Given these concerns, this approach is more likely where an extranet has been 
established, rather than for broader access from the Internet. In addition, an internal user 
can access identical data on the intranet. A thin client approach reduces remote application 
maintenance issues. 

This variation builds on the basic Runtime pattern above with two additions. The important 
addition for Information Access is the drill-through from the Bl application server (in this 
case, linked with a dependent data mart) to the BDW. With the addition of this drill-through 
comes the need for consistency between the two data stores and consider more carefully 
issues of Population and feedback to the BDW of changes made in the data mart. 

This scenario occurs typically when the Bl application is an OLAP tool with summary data 
stored on the mart and occasional access to detailed data in the BDW. In some instances, 
no data is stored at the mart level and all data access is through drill-through to the BDW. 
In other cases, no changes are allowed or recorded at the data mart level. In these simpler 
variations, the feedback loop is not required. 

With feedback included as shown, work done on the data mart can be reintegrated with 
other BDW-level data. To protect users from themselves, a complex architecture both in the 
client and server is needed. The user can store new or changed data in the data mart, 
which is eventually fed back to the BDW and then populated into the data mart as part of 
the now certified data. In the meantime, the user has access to two sets of potentially 
conflicting data in the mart. The user is also able to drill-through to the detail level data in 
the BDW. This type of configuration is emerging. However, customer relationship 
management (CRM) applications drive strongly towards this type of implementation and 
should be designed with great care to prevent data inconsistencies. 
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Information Access Run-time Patterns (2 of 2) 
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Figure 6-17. Information Access Run-time Patterns - (2 of 2) IN234.0 

Notes: 

A company considering allowing public access to its Bl applications must decide which 
data and function to make available. In general, for the widest public access, the 
application must not need to identify or verify the user. In these circumstances, the type of 
information being presented would be public-domain reports or data, in simple-to-use, 
largely predefined formats. The expectation is that the user is operating through a standard 
browser, and the data must therefore be structured in a form compatible with such a 
browser, called a Web mart. 

In the simplest configuration, the Web mart is placed on a Web data server in the 
demilitarized zone (DMZ) and is accessible to any user on the Internet (subject to any 
security constraints imposed by the protocol firewall). The Web mart data is periodically 
refreshed or updated as required, using the chosen population mechanism. 

This configuration provides simple access to public information outside the enterprise with 
maximum security. If required, the data population process can be done manually by 
creating a tape on the internal network that is then physically loaded on the Web data 
server. This further isolates the internal network from attack. 
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Operational data stores (ODS) are traditionally addressed as a data warehouse issue, but 
are arguably more a hybrid topic. Their design is geared towards rapid online response, 
and they are often very similar in structure to an existing operational database. The content 
is usually an amalgamation of existing stores. They commonly store a consolidated 
customer information file, where a single-source view of a customer’s complete position in 
dealings with the company is collected, for use at call centers or to present to Web clients. 
Operational data stores can also administer more specific Bl applications where timeliness 
of data is critical. 

A user must be known and authorized to access an operational data store and can access 
the Operational Data Store (ODS) either externally or internally. For security reasons, 
external access is most likely from an extranet. 

An ODS is closer to real time in its content than other data stores. Also, an ODS can be 
updated by its client and represents the first point of capture of such data. Because of this, 
it is responsible for propagating that data to operational systems, and possibly the 
warehouse. These characteristics are reflected in the implementation of the Population 
topology. 

Typically an ODS sits between the operational systems and the warehouse. Changes 
applied to the ODS by real-time systems propagate or replicate to the operational 
databases, which have equivalent copies of the data. Changes also roll forward to the 
warehouse through either the ODS or the operational source as determined within the site. 

An additional runtime pattern is the Disconnected User Support pattern. In this Run-time 
pattern, the entire Bl application and its data reside on the user’s workstation. At intervals, 
the user connects to the network. The data mart is updated or refreshed, either 
automatically or at the user’s request. The user is then free to work on the data mart while 
disconnected. When necessary, and when the application has been designed to 
accommodate it, data changed or added by the user while disconnected can be fed back 
either automatically or at the user’s request into the internal environment. Both periodic 
data population and feedback are done through the chosen population mechanism. 
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Collaboration Technologies 


•E-mail 

-SMTP, POP3, IMAP 
•Newsgroups 
-NNTP 

•Chat and Instant messaging 
-IRC, AIM, Lotus Sametime, MS NetMeeting 
•File sharing 
-Gnutella, Napster 
•Calendaring and scheduling 
-iCalendar, Lotus Notes 
•Document sharing and project management 
-Lotus Quickplace 
•Workflow 
-Lotus Workflow 


Figure 6-18. Collaboration Technologies IN234.0 

Notes: 

There are a number of collaboration technologies available. 

E-mail functionality is widely used. This follows the Store and Retrieve application pattern. 
E-mail messages are sent (from clients to servers or between servers) using the Simple 
Mail Transfer Protocol (SMTP). E-mail clients, such as Lotus Notes, Microsoft Outlook 
Express and many others, typically use the POP3 or IMAP protocols to access and retrieve 
mail from servers. Some solutions use proprietary solutions between client and server in 
private networks and SMTP to exchange messages across the Internet. 

Internet newsgroups (based on the NNTP protocol) and bulletin boards have existed for 
many years. These follow the Store and Retrieve application pattern. 

Instant messaging use has grown significantly. The Internet Relay Chat (IRC) protocol 
provides a popular standards-based implementation. Proprietary solutions, such as AOL 
Instant Messenger (AIM) or Microsoft NetMeeting, exist in public networks. Lotus 
Sametime provides instant messaging and application sharing for businesses. Most instant 
messaging technologies follow the Directed Collaboration application pattern. 
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File sharing technologies have become popular in the Internet for sharing music and other 
media files. Examples are Gnutella (which implements the point-to-point application 
pattern) and Napster (which implements the Directed Collaboration application pattern) 

Calendaring and scheduling are important office applications which have traditionally been 
implemented using proprietary technologies, such as Lotus Notes. This follows the Store 
and Retrieve application pattern. Recently the iCalendar protocol has been defined to 
enable calendar interoperability. 

As the trend for mobile working and remote teams has grown the need for software to 
coordinate project teams has increased. Applications such as Lotus Quickplace provide 
shared document libraries and calendars with project tracking and workflow capabilities. 
This follows the Store and Retrieve application pattern. 

As business processes become more automated the need for workflow increases. 
Workflow applications such as Lotus Workflow provide workflow automation based on the 
Managed Collaboration application pattern. 
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Portals 


•Give people convenient access 
-Employees 
-Partners 
-Customers 
•To what they need 
-Applications 
-Content 
-Services 

•Using the best infrastructure 
-Scalable 
-Secure 

-Accessible from anywhere 


Figure 6-19. Portals IN234.0 

Notes: 
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Portal Benefits 


•Revenue benefits 

-Tighter relationships with customers or partners 
-Work force productivity 
-Innovation and reduced cycle times 
•Cost reduction 
-Operational efficiency 
-Better information flow and knowledge 
-Consistent infrastructure 
-Organized information targeted, more relevant 
•Single sign-on 

-Fewer passwords, better user experience 
•Common presentation 
-Consistent user interface 
-Pervasive access 
•Unification of applications 
-New ways of accessing old applications 


Figure 6-20. Portal Benefits IN234.0 

Notes: 
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Personalization 


•Personalize the content of an application so that it matches 
the unique needs and interests of each user 
•Personalization depends on each user having a profile 
-Explicit profiling - user indicates preferences 
-Implicit profiling - system infers interests from user actions 
•Content selection can be based on different approaches 
-Simple filtering - content based on predefined user groups 
-Rules engines - matches profile based on business rules 
-Inference engines - use statistical methods to extract 
trends from behaviour of users 
-Collaborative filtering - matches user ratings/choices to 
those of users with a similar profile 


Figure 6-21. Personalization IN234.0 

Notes: 

A Personalization service provides a number of approaches that allow users or the 
enterprise to shape the choice, style and format of their selected applications. 
Personalization may be done at many levels: individual, group, role, and so on and it relies 
on other services, such as Presentation and Security. 

There are significant productivity benefits to be gained by allowing users to organize their 
preferred way of navigating to applications, interacting with applications and being provided 
with information feeds. In this way users get what they want rather than being overwhelmed 
by lots of information that they are not interested in. 

Conversely, the enterprise may want to find the most acceptable way to limit (disable) 
services based on their employee, customer or contractual profiles. 

There are also significant IT benefits to be gained from allowing business domain experts 
to dynamically update the personalization/business rules to respond to changing business 
requirements. 

Some of the key functions of the Personalization service include: 
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Identify the user 

• Retrieve the user’s profile (A profile is a stored set of information that describes a user’s 
interests, role in an organization, entitlements or some other set of descriptors that are 
important to the Web site owner. This profile may also be enhanced by: 

- Explicit profiling: In this case, a user is asked to indicate their interests by completing 
a short questionnaire or by some other explicit action. 

- Implicit profiling: In this case, a user is not asked for information. The system instead 
monitors the actions of a user (pages viewed, items purchased, and so on) and 
infers from these actions the interests of the user. 

• Select the content that matches the user’s preferences. There are several approaches 
to making the content decision: 

- Simple filtering: The site displays content based on predefined groups of users. 

- Rules engines: In a rules-based system, the site owner defines a set of business 
rules that determine what category of content is shown when a user of a certain 
profile type visits the site. 

- Inference engines: Inference engines use sophisticated statistical approaches and 
other forms of intelligent software to extract trends from the behavior of users. 

- Collaborative filtering: The user rates a selection of products. These ratings are then 
compared with the ratings offered by other users so that recommendations can be 
made based on similar tastes of other users. 

• Retrieve the content and assemble the page for display to the user. In order to achieve 
these goals across multiple applications the high-level personalization logic must be 
externalized from individual applications. Such externalization enables easier 
integration with other applications in the future. 


6-30 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


Data Warehousing 


•Data warehousing addresses the need for easy access to a 
structured store of quality data that can be used for decision 
making. 

•Data warehousing implements the process to: 

-access heterogeneous data sources 
-clean, filter, and transform the data 
-store the data in a structure that is easy to access, 
understand, and use. 

•The data is then used for query, reporting, and data analysis. 


Figure 6-22. Data Warehousing IN234.0 

Notes: 

Data warehousing is the design and implementation of processes, tools, and facilities to 
manage and deliver complete, timely, accurate, and understandable information for 
decision making. It includes all the activities that make it possible for an organization to 
create, manage, and maintain a data warehouse or data mart. 

As such, the access, use, technology, and performance requirements are completely 
different from those in a transaction-oriented operational environment. The volume of data 
in data warehousing can be very high, particularly when considering the requirements for 
historical data analysis. Data analysis programs are often required to scan vast amounts of 
that data, which could result in a negative impact on operational applications, which are 
more performance sensitive. Therefore, there is a requirement to separate the two 
environments to minimize conflicts and degradation of performance in the operational 
environment. 

A business data warehouse is a data store containing detailed, reconciled, and historical 
basic business data, structured according to an enterprise data model and designed to be 
the single, consistent source for all information required for business intelligence purposes. 
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It is guaranteed to be integrated and consistent across the breadth of the business and to 
cover the span of required history of the business. The business data warehouse is seldom 
accessed directly by end users and then solely in read-only mode. 

A data mart is a data store defined and designed to meet the information needs of a 
department or group of users. It contains needed data, detailed or summarized, and 
preferably sourced from the business data warehouse. Data marts are the primary sources 
of information for users, are optimized to satisfy their query or reporting needs, and are 
usually used in read-only mode. 
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Business Intelligence 


•Business intelligence systems focus on improving the access 
and delivery of business information to: 

-Information providers 
-Information consumers 
•Business intelligence systems support: 

-Online analytical processing (OLAP) 

-Information mining tools 
-Prepackaged applications 

•Focus is on the business solution not just data access and 
storage. 


Figure 6-23. Business Intelligence IN234.0 

Notes: 

Businesses collect large quantities of data in their day-to-day operations: data about 
orders, inventory, accounts payable, point-of-sale transactions, and of course, customers. 

In addition, businesses often acquire data, such as demographics and mailing lists, from 
outside sources. Being able to consolidate and analyze this data for better business 
decisions can often lead to a competitive advantage, and learning to uncover and leverage 
those advantages is what business intelligence is all about. 

Business intelligence systems focus on improving the access and delivery of business 
information to both information providers and information consumers. They achieve this by 
providing advanced graphical- and Web-based online analytical processing (OLAP) and 
information mining tools, and prepackaged applications that exploit the power of those 
tools. These applications may need to process and analyze large volumes of information 
using a variety of different tools. A business intelligence system must, therefore, provide 
scalability and be able to support and integrate products from multiple vendors. 

IBM Business Intelligence products include DB2 Intelligent Miner for Data, DB2 Intelligent 
Miner Scoring, DB2 OLAP Server, QMF and WebSphere Commerce Analyzer. In addition 
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IBM Global Services offers a number of Business Intelligence Solutions for different 
industries. 
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Business Intelligence Structure 



Figure 6-24. Business Intelligence Structure IN234.0 

Notes: 
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Domino Server 



Figure 6-25. Domino Server IN234.0 

Notes: 

Domino is the leading collaborative application server; it excels at tasks that deal with 
documents - particularly when documents need to be routed or shared between people - 
and that must be created swiftly and maintained easily. 
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Domino Servers and Clients 


•Servers 

-Domino Mail Server 

•Mail services including calendaring and scheduling 
-Domino Application Server 
•Platform for Web application services 

-Domino Enterprise Server 
•Partitioning, Clustering and Billing 
•Clients 

-Domino Administrator 
-Domino Designer 
-Lotus Notes client 


Figure 6-26. Domino Servers and Clients IN234.0 

Notes: 

The Domino Server family is comprised of three core servers: 

• Domino Mail Server - combines full support for the latest Internet mail standards with 
Domino’s industry-leading messaging capabilities -- all in one manageable and reliable 
infrastructure. 

• Domino Application Server - an open, secure platform optimized to deliver collaborative 
Web applications that integrate your Enterprise systems with rapidly changing business 
processes. 

• Domino Enterprise Server - delivers all the functionality of the Domino Mail and 
Application Servers reinforced with clustering for the high availability and reliability 
required by mission-critical applications, and allows for more detailed and customized 
usage tracking for billing their services. 

The Domino Enterprise Server features consist of: 

• Partitioning 

• Clustering 

• Billing 
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Domino Server Partitioning: Multiple Domino Servers can be configured on a single 
machine. Partitioned servers share the same binary files, and hence, run at the same 
version but have individual data directories that allow for independent configuration of 
resources. There are several reasons for implementing partitioned servers: 

1. To reduce operating system and hardware limiting factors. Multiple Domino partitions 
make more efficient use of server resources than a single server instance as certain 
processes can be run in parallel. 

2. Segregation of server tasks on a single machine. For example, a mail server and 
application server can have individually tuned tasks but run on the same hardware. 

3. Segregation of independent user communities. For example, hosting multiple Domino 
domains or Domino-hosted Web sites on a single machine. 

4. Independent operation of services and resources. Partitions operate independently and 
do not have any effect on each other. This allows an administrator the flexibility to treat 
each partitioned server as though it were a separate system. 

Domino Server Clustering: Multiple Domino Enterprise Servers can be interconnected to 
provide high availability, scalability, and load balancing to Lotus Notes users and browser 
clients (HTTP and HTTPS requests). This is achieved by placing multiple replicas of some 
or all databases onto different servers within the cluster. Subsequently, transparent failover 
or load balancing can redirect the open request for a database on a broken or overloaded 
server to another member of the cluster. These clustered servers should be interconnected 
through a sufficiently high-data transfer bandwidth network to allow for the tight real-time 
synchronization between the databases in the cluster. 

Domino Server Billing: When enabled, the server collects client and server activity 
information. This information provides an enterprise with additional data to enable it to 
perform several tasks. 

• Charge for usage of servers. 

• Monitor usage trends. 

• Conduct resource planning. 

The Domino Client family is comprised of three core clients: 

• Domino Administrator is the new administration client for Notes and Domino. 

• Domino Designer is an integrated development environment. It enables developers to 
rapidly build secure Web applications that incorporate Enterprise data and streamline 
business processes. 

• Lotus Notes provides a single integrated environment to manage e-mail, appointments, 
tasks, key contacts, and Web information. 
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Domino Services 


•Object store 

-Document databases support any number of data types 
•Directory 

-LDAP compliant directory service 
•Security 

-Authentication, digital signatures, access control, encryption 
•Replication 

-Automatically distributes and synchronizes information 
•Messaging 

-E-mail, calendaring and scheduling 

-Supports multiple clients and message transfer agents 
•Workflow 

-Coordinate and streamline ad hoc business activities 
•Agents 

-Automate frequently performed processes 


Figure 6-27. Domino Services IN234.0 

Notes: 

Documents in a Domino database can contain any number of objects and data types, 
including text, rich text, numerical data, structured data, images, graphics, sound, video, file 
attachments, embedded objects, and Java and ActiveX applets. A built-in full text search 
engine makes it easy to index and search documents. The object store also lets your 
Domino applications dynamically present information based on variables such as user 
identity, user preferences, user input, and time. 

A single directory manages all resource directory information for server and network 
configuration, application management, and security. Domino includes user account 
synchronization between NT and Domino, and it is Light Weight Directory Access Protocol 
(LDAP)-compliant 

The Domino security model provides user authentication, digital signatures, flexible access 
control, and encryption. 

Bidirectional replication automatically distributes and synchronizes information and 
applications across geographically dispersed sites. Replication makes your business 
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applications available to users around your company or around the world, regardless of 
time or location. 

An advanced client/server messaging system with built-in calendaring and scheduling 
enables individuals and groups to send and share information easily. Message transfer 
agents (MTAs) seamlessly extend the system to Simple Mail Transfer Protocol 
(SMTP)/Multipurpose Internet Mail Extension (MIME), X.400, and cc:Mail messaging 
environments. The Domino messaging service provides a single server supporting a 
variety of mail clients: Post Office Protocol V3 (POP3), Internet Message Access Protocol 
V4 (IMAP4), Message Application Programming Interface (MAPI), Lotus Notes clients and 
Lotus iNotes Web Access. 

A workflow engine distributes, routes, and tracks documents according to a process 
defined in your applications. Workflow enables you to coordinate and streamline ad hoc 
business activities across an organization, and with customers, partners, and suppliers. 

If you need more structured workflow you can get the product Domino Workflow that 
leverages all of Dominos functionality and adds tools for structured people oriented 
workflow. 

Agents enable you to automate frequently performed processes, eliminating tedious 
administration tasks and speeding up your business applications. Agents can be triggered 
by time or events in a business application. Agents can be run on Domino servers or Lotus 
Notes clients. 
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Domino and WebSphere 


Feature 

Domino 

WebSphere 

Application type 

Collaborative 

Integrating or 
Transactional 

Content type 

Document 

Data 

Object type 

Form, view, database 

Servlet, JSP, 
JavaBean, EJB 

Architecture 

Integrated object model 

J2EE 

Scalability 

Large 

Massive 

Skills required 

Moderate 

High 

Development 

BASIC, COM, Java 

J2EE 

©fi^!s supported 

Notes, Browser 

Browser 

Protocols 

supported 

NRPC, HTTP, MOP, SMTP, 
NNTP, IMAP, POP3, and 
so forth 

HTTP, MOP 

Application Tools 

Domino Designer 

WebSphere Studio 


Figure 6-28. Domino and WebSphere IN234.0 

Notes: 

Lotus Domino and IBM WebSphere are premier application servers that address different 
parts of the market. Domino is the leading collaborative application server; it excels at tasks 
that deal with documents - particularly when documents need to be routed or shared 
between people - and that must be created swiftly and maintained easily. WebSphere is a 
definitive Java Web Application Server (WAS), and thus it excels at tasks that require 
massive scalability, transaction support, and a pure Java development model. 

The table shows some characteristics that differentiate between the two application 
servers. Note however that it is possible, for example, to create rich applications in Domino 
that rely almost exclusively on backend data systems. Similarly, it's possible in WebSphere 
to create content-intensive applications based on dynamic documents. Examples exist of 
these application types - and in many cases the reason for creating them this way is as 
simple as already having the software or skills in place. 
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WebSphere Portal Server 


•A horizontal, open portal solution 
-Multiple offerings, spanning B2E, 

B2B, B2C 

-Integrated collaborative services 
-Wired and wireless devices 
-Enterprise and service provider 
requirements 

•A framework that enables extended features 
-EIP for advanced information integration 
-Lotus Discovery Server for knowledge management. 

-Tivoli for advanced user management/security management 
•Leverages the robustness of the WebSphere family 
•A portfolio of portlets: 

-IBM and Business Partner developed 
-Customer developed 


Lotus 

Collaboration 

Tools 


Pervasive 

Devices 



WebSphere 

Portal 

Family 


Tivoli 

Security 


WebSphere 


Figure 6-29. WebSphere Portal Server IN234.0 

Notes: 

IBM WebSphere Portal for Multiplatforms provides a single point of interaction with 
dynamic information, applications, processes and people-to help build successful 
business-to-employee (B2E), business-to-business (B2B) and business-to-consumer 
(B2C) portals. WebSphere Portal also supports a wide variety of pervasive devices 
enabling users to interact with their portal anytime, anywhere-using any device, wired or 
wireless. 

WebSphere Portal consists of three packaged offerings: 

• WebSphere Portal Enable offering enables you to build scalable portals that simplify 
and speed a user's access to personalized information and applications 

• WebSphere Portal Extend offering allows your portal users to act on information and 
applications accessed by collaborating with other portal users. This offering includes all 
capabilities of the Enable offering, plus integrated team room, instant messaging, 
extended search, community and Web site analysis capabilities 
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• WebSphere Portal Experience offering provides the capability for a developing, 
deploying and maintaining enterprise portals This solution includes all the capabilities of 
the Extend offering, plus advanced e-meeting, application sharing, enterprise content 
management and enhanced security features 
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WebSphere Portal Components 



Enable 

Extend 

Experience 

IBM WebSphere Application Server Advanced V4.0.2 

X 

X 

X 

IBM Secureway Directory V3.2.2 

X 

X 

X 

IBM WebSphere Personalization V4.0 

X 

X 

X 

DB2 Universal Database V7.2+Fixpack 5 

X 

X 

X 

IBM WebSphere Studio Application Developer V4.02 

X 

X 

X 

Web Content Publisher 

X 

X 

X 

Lotus Collaborative Places 


X 

X 

Lotus Collaborative Components 


X 

X 

Lotus Extended Search R3.6 


X 

X 

Tivoli Web Site Analyzer V4.1 


X 

X 

Lotus Sametime R2.6 


** 

X 

Lotus Quickplace R2.5 


** 

X 

IBM Content Manager V7 



X 

Tivoli Access Manager V3.9 



X 

Enterprise Information Portal 



X 

**ln Extend Sametime and Quickplace are limited portal use only and limited functionality. In Experience 
customers can use inside or outside of the portal for 1000 users. 


Figure 6-30. WebSphere Portal Components IN234.0 

Notes: 

The table lists the IBM products included in each WebSphere Portal offering. 
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WebSphere Portal Server Architecture 
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Figure 6-31. WebSphere Portal Server Architecture IN234.0 

Notes: 

IBM’s WebSphere Portal Server is essentially a Web application that runs within the IBM 
WebSphere Application Server (WAS) environment. This allows WPS to take advantage of 
the core services in WAS for connectivity to various data sources and applications (for 
example, IBM’s Directory Server for LDAP). In addition, WPS provides a Portlet API that 
allows the developer to create compact Java Web applications on top of the WPS 
application, and thus have access to all the core services via simple-to-implement tag 
libraries and extended classes. This allows a developer creating end-user services to avoid 
having to rewrite core connectors to WAS services each time they want to provide 
functionality. 

For example, WPS can leverage the concept of Web Services by allowing developers to 
create their own portlets or use the existing Web services portlets with tag libraries to 
enable this communication. They can avoid having to write their own SOAP-based 
wrappers and use the common wrappers available to WPS via the core services in WAS. 
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What Is a Portlet? 

•Portlet = Individual Application Panel on a Portal Page 



Business 

(Workflow, CRM, 
Ordering, ...) 

Portlet Title f/Jm 



-__ 



Entertainment 

(Games, Videos, 
Music, ...) 



Information 


Communication 


Productivity 

(Stock Quotes, 


(Chat, Mail, SMS, 


(Calendar, ToDo, 

Weather Info, ...) 


Fax, Phone, ...) 


Notebook, ...) 


and much more! 


Figure 6-32. What is a Portlet? IN234.0 

Notes: 
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Portlet Development 


•Code Portlets like servlets. 

•One instance of each portlet class shared by all requesters. 
-Must avoid instance variables, synchronized methods. 

•A model-view-controller design is recommended. 

-Controller renders the portlet by calling the views. 

-Views are usually implemented as Java Server Pages 
(JSPs). 

-Model is the data bean that holds the internal settings. 
•Portlets may have several different views - standard, 
maximized, edit views. 

•Reuse what is available for portlets - servlets, applets, JSPs, 
HTML, XML, and so forth. 

•Packaged and installed with Portlet Archive File (PAR). 
•Portlets can be developing using a Java IDE or a text editor 
and the javac command. 

-No direct support for portlet development in WSAD yet 


Figure 6-33. Portlet Development IN234.0 

Notes: 
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Portal Customization 


•Users can customize portlet page in a number of ways: 

-Create new pages 
-Select layout 

-Select portlets to appear on page 
-Select portlet location on page 
-Select devices for portlets 
-Portlet themes and skins 
•Portlet Themes 

-Themes represent the look and feel of the portal overall, including colors 
and fonts. 

•DefauItTheme, GreyTheme, KhahiTheme, LilacTheme, TealTheme 
•Skins 

-Skins represent the border rendering around an individual portlet. 
•Album, Shadow, Outline, Hint 
•K-station functionality adds additional options. 

-Shared Places, choosing background graphic themes, using templates, 
layout reuse, and much more. 


Figure 6-34. Portal Customization IN234.0 

Notes: 
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WebSphere Personalization 


•Personalize the content of a Web site, intranet or extranet so 
that it matches the unique needs and interests of each visitor 
•Three main content engines: 

-Rules Engine 
-Resource Engine 
-Recommendation Engine 
•Features: 

-Personalization Workspace 
-Campaign management 
-Rule and campaign 
effectiveness 
-Implicit profiling 
-Wizards for WebSphere 
Studio family 


Select a Classifier 


Available Classifiers: 


Name 


I Package 


Industry 

Season 


When CustomerLevel 
Is Platinum 
Select PremiumAwards 


Select an Action or Classifier 


(* Available Actions: 


Select a Classification 


Available Classifications for Cu 


□ Gold 
p] Platinum 

□ Silver 


Name 


| Ty... ] Package 


□ SelectNewsletters T ext 

PI SelectPremiumAwards Text 

□ S elects tockU pdates T ext 


y 


Figure 6-35. WebSphere Personalization IN234.0 

Notes: 

IBM WebSphere Personalization for Multiplatforms, Version 4.0 allows you to personalize 
the content of a Web site, intranet or extranet so that it matches the unique needs and 
interests of each visitor. Personalization makes the site more interesting and easier to use, 
thereby attracting a larger audience and improving service. 

WebSphere Personalization includes three main content engines: 

• Rules Engine: executes the business rules that determine which content is displayed to 
each site visitor. 

• Recommendation Engine: uses collaborative filtering and item affinity analysis to offer 
content and product recommendations to site visitors, enabling cross-selling and 
up-selling (using LikeMinds Personalization Server). 

• Resource Engine: enables Web site owners to optimize their personalization strategy by 
calling upon content and profile information such as customer order records and 
employee data in human resource files. Information from customer relationship 
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management (CRM), Enterprise Resource Planning (ERP) and other databases can 
also be used to develop profiles on site visitors. 

Business managers can use the Personalization workspace browser-based tool to easily 
control and preview a Web site's personalization behavior. 

The Personalization workspace component gives business managers the ability to control 
time-delimited personalized Web site content, and personalize e-mails targeted for specific 
segments of the audience. Multiple campaigns can be implemented simultaneously. 

You can Integrate WebSphere Personalization V4.0 and WebSphere Site Analyzer V4.0 to 
more accurately personalize content for your intended audiences. Reports allow you to 
gauge campaign and rule effectiveness, update user profiles, modify business rules 
accordingly and help ensure that your personalized site is meeting your business 
objectives. 

You can develop site visitor profiles in real-time and personalize content, based on visitor 
activity, while the visitor views the site. Implicit profiling allows you to log information about 
the content that a Web site user views. You can use this information in real-time to modify 
the content that is shown, which makes the site more responsive to each visitor’s interests. 

Wizards for WebSphere Studio V4.0 Advanced Edition and WebSphere Studio Application 
Developer V4.0 integrate personalized content with site Web pages. 
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Exercise Introduction 



Figure 6-36. Exercise Introduction IN234.0 

Notes: 
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Unit Summary 

•Collaboration Business Pattern 
•Information Aggregation Business Pattern 
-Population 
-Information Access 

•Data Warehousing and Business Intelligence 

•Domino 

•Portals 

•Personalization 


Figure 6-37. Unit Summary IN234.0 

Notes: 
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Unit 7. Creating a Design for Application 
Integration 


Student Notebook 


What This Unit Is About 

This unit enables students to create an e-business application design 
using application integration patterns. 

What You Should Be Able to Do 

After completing this unit, you should be able to: 

• Explain the application integration e-business patterns 

- Differentiate between process-focused and data-focused 
patterns 

- Discuss common services of each 

• Differentiate between components of different patterns 

• Describe categories of patterns by: 

- Functions 

- Mode of connection 

- Topology 

• Associate business drivers to patterns 

• Select patterns by: 

- IT drivers 

- Business drivers 

- Technology differentiators 

• Create a pattern-based design using provided templates and 
simple notation conventions 

How You Will Check Your Progress 

Accountability: 

• Case Study exercise 
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Design with 
Patterns 


e-business 


Welcome to: 


Unit 7. Creating a Design for Application 

Integration 



Figure 7-1. Unit 7. Creating a Design for Application Integration IN234.0 


Notes: 
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7.1 Creating a Design for Application Integration 
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Unit Objectives 


After completing this unit, you should be able to: 

•Explain the application integration e-business patterns 
-Differentiate between process-focused and data-focused 
patterns 

-Discuss common services of each 
•Differentiate between components of different patterns 
•Describe categories of patterns by: 

-Functions 

-Mode of connection 

-Topology 

•Associate business drivers to patterns 
•Select patterns by: 

-IT drivers 
-Business drivers 
-Technology differentiators 

•Create a pattern-based design using provided templates and 
simple notation conventions 


Figure 7-2. Unit Objectives IN234.0 

Notes: 
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Integration Patterns 


Integration Patterns provide the glue to combine Business Patterns to form 
solutions 



Notes: 

Complex e-business applications can be built by combining multiple Business patterns 
together. This is accomplished by using Integration patterns as the glue between Business 
patterns. Integration patterns are differentiated from Business patterns in that they do not 
themselves automate specific business problems. Rather, they are used within Business 
patterns to support more advanced functions, or to make Composite patterns feasible by 
allowing the integration of two or more Business patterns. The two Integration patterns 
documented on this site are: 

Access Integration - The Access Integration pattern describes those recurring designs that 
enable access to one or more Business patterns. In particular, this pattern enables access 
from multiple channels (devices) and integrates the common services required to support a 
consistent user interface. 

Application Integration - The Application Integration pattern brings together multiple 
applications and information sources without the user directly invoking them. This pattern is 
most effectively applied when developmental efforts require the seamless execution of 
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multiple applications and access to their respective data in order to automate a complex, 
new business function. 
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Application Integration Pattern 


•The Application Integration pattern integrates multiple 
Business patterns or integrates applications and data within 
an individual Business pattern 
•Two approaches: 

-Process Integration 
-Data Integration 
•Business and IT Drivers 

-The business process needs to be integrated with existing 
business systems and information. 

-The business processes need to integrate with processes 
and information that exist at partner organizations. 

-The business activity has a need to aggregate, organize, 
and present information from various sources within and 
outside of the organization. 


Figure 7-4. Application Integration Pattern IN234.0 

Notes: 

The Application Integration (aka Enterprise Application Integration or EAI) pattern serves to 
integrate multiple Business patterns or to integrate applications and data within an 
individual Business pattern. The requirements that gave rise to this pattern call for the 
seamless execution of multiple applications and access to their respective data in order to 
automate a complex, new business function. Reliable integration of applications - be they 
legacy stovepipe applications, packaged software applications, or custom applications - 
requires the use of proven replicable patterns. At its highest level, application integration 
can be divided into two essentially different approaches: 

Process Integration - the integration of the functional flow of processing between the 
applications. 

Data Integration - the integration of the information used by applications. 

Neither approach is necessarily better than the other. Rather, specific integration 
requirements dictate which approach best solves a given business problem. For example, 
the integration of an e-commerce application with an Enterprise Resource Planning (ERP) 
system for a newly created sales order would most definitely be a Process integration 
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activity. However in the same solution, the master data synchronization of the product 
catalog between the ERP system and the e-commerce system would be a data integration 
activity. 
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Application Integration Patterns Classification 


Application Integration application patterns can be classified: 
•By the function or work that they perform: 

-Message passthru 
-Message routing 

•Message enhancement 
•Message workflow 
•By the focus of integration: 

-Data 

-Process (or Message) 

•By the mode of connection deployed: 

-Asynchronous 
-Synchronous 
•By the targeted topology: 

-Point-to-point 

-Multipoint 


Figure 7-5. Application Integration Patterns Classification IN234.0 

Notes: 
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Process-focused Application Integration Patterns 


Used when applications need to coordinate processing 
•Five application patterns: 

-Direct Connection 
-Aggregator 
-Transactional 
-Managed Process 
-Broker 

•Pattern selection based on type or request and type of 
coordination in the EAI process 



Type of Coordination in EAI Process 

Type of Request 

Application 

Coordinated 

Transactional 

Coordinated 

Brokered 

Coordinated 

Process Managed 
(BPM) Coordinated 

Information 

Request (IR) 

Direct Connection 

N/A 

Aggregator 

N/A 

Processing 

Request (PR) , 

Direct Connection 
r * 

Transactional 
r ' 

Broker 

f ' 

Managed Process 

r 


Figure 7-6. Process-focused Application Integration Patterns IN234.0 

Notes: 

Process-focused application integration application patterns are observed where multiple 
automated business processes are combined to yield a new business offering or to provide 
a consolidated view of some business entity with many representations in the corporate 
business systems. An often quoted example is the consolidated view of the state of all 
relationships of the business with a particular customer. 

This mode of integration is highly flexible. In its more sophisticated form it enables late 
binding of the targets of integration and is particularly useful in tying together different 
platforms and technologies. However, it represents a more difficult design and 
development task compared to data-focused integration and often requires complex 
middleware. 

Process-focused Application Integration has two primary types of requests: those for 
information only (read-only), and those that are for processing (update). Although both 
types of requests carry state, only processing requests change state in the target 
application. 
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To determine the appropriate Application pattern for a given information request (IR) or 
processing request (PR), also consider the type of coordination that the EAI infrastructure 
affords participating applications. At the most basic level, deemed simply application 
coordination, an application coordinates both access and updates, while the EAI 
infrastructure provides transport and transformations. If synchronized updates are 
required, transactional coordination is necessary. Alternatively, brokered coordination 
provides a loosely coupled coordination of the requests with rules-based routing and 
decomposition/recomposition facilities. Finally, process-managed coordination provides 
the ability to create an extended (or long-running) process with state that drives the 
application updates. 
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Common Services 


•Common services used by Process-focused Application 
Integration Patterns 
-Protocol adaptors 
-Message handlers 
-Data transformation 
-Decomposition/Recomposition 
-Routing/Navigation 
-State management 
-Security 

-Local business logic 

-(Business) unit-of-work management 


Figure 7-7. Common Services IN234.0 

Notes: 

Process-focused application patterns contain a well-defined set of services, combinations 
of which are used in the patterns observed in practice. These services include: 

Protocol adaptors - Protocol adapters transform the protocol used by a communicating 
partner application. They are particularly important for allowing integration with legacy 
systems since legacy systems typically cannot be changed to adopt a new, common 
protocol. Instead legacy systems may require terminal emulators, for example. Software 
components, which implement protocols native to an integration hub, are also included in 
this service, for example, messaging, MOP, and so on. 

Message handlers - Message handlers deal with the discovery (parsing) of the in-bound 
message content, the optional conversion to a common internal format and the building of 
the format expected by the target systems. Current implementations use XML as the 
internal format and increasingly also for the out-bound message format. 

Data transformation - A service, frequently referencing a repository of common data 
formats, to resolve data representation (schema) differences between the applications to 
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be integrated. In simpler cases this service can be performed by the message 
handlers-especially if using the power of XML 

Decomposition/Recomposition - The attraction of application integration is, among others, 
the ability to access multiple applications with a single request. To make this possible a 
service is required to turn such a complex, compound request into a series of simple 
distinct requests (decomposition) and then to compile the results into a single response 
(recomposition). This service is particularly important if the source of the request is an 
end-user. 

Routing/Navigation - This is also referred to as micro workflow or system workflow. The 
multiple requests, generated by the Decomposition/Recomposition service can be 
executed in an arbitrary sequence and with parallelism. The ordering of the execution is 
sometimes referred to as message choreography and essentially represents the navigation 
among the target systems, driven by business rules. This navigation frequently records the 
degree of completeness of the request and the cases when error messages must be 
generated. In its primitive form navigation merely performs the routing of a request to the 
target adapter/connection. 

State management - This is an optional facility supporting the preservation of state 
information between multiple application message exchanges. It can also support 
work-in-progress data, obviating the need for repeated access to target systems. 

Security - Permission to access the participating applications may be associated with the 
requesting application itself or this application may carry the credentials of a user initiating 
the actions. Consequently access control can be applied as far as the requesting 
application (a transit of trust) or only from the Integration Hub (a trusted source) that 
authenticated the original request. Securing messages transported and ensuring 
integration is achieved only with authorized applications under the correct user credentials 
is a must. 

Local business logic - This service provides an opportunity to augment the results of 
compound requests or in a more complex case to generate additional requests. The 
business logic frequently drives the navigation as well. 

(Business) unit-of-work management - A number of Application patterns involved in 
application integration need to execute under transactional control such that a unit of work 
completes entirely or not at all. The unit of work here is defined in a broad sense, which 
may span multiple, independent changes occurring within independent applications, at 
times during an extended time period. 
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Direct Connection Application Pattern 


•Business Driver 

Only two applications are being integrated with a standard or 
mutually implemented interface or message format. 

•Runtime pattern variations 
-Synchronous Connection 
-Asynchronous Connection 
-Message Bus 


Process Process 



Figure 7-8. Direct Connection Application Pattern IN234.0 

Notes: 

The Direct Connection application pattern helps to structure a system design that allows a 
pair of applications to directly communicate with each other. 

The integration enabled through this Application pattern typically requires only a connector 
or an adapter to implement. 
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Direct Connection Run-time Patterns 


Synchronous Connection 


Application 

IV 

Synch 

Application 1 

server 

Or 

protocol 

server 


Asynchronous Connection 


Application 

server 




Asynch 


protocol 


- Ad^pt.l Application 
* server 


Message Bus 



Figure 7-9. Direct Connection Run-time Patterns 


IN234.0 


Notes: 

The Direct Connection application pattern has three Runtime patterns. 

In the Synchronous Connection the source application uses a connector to access the 
target application through remote APIs. This is a tightly coupled approach for integration. 

In the Asynchronous Connection, the source application uses request / reply processing in 
a messaging infrastructure. The use of adapters to implement the solution enables a loose 
coupling of the applications being integrated. 

A Message Bus integration design specializes the asynchronous connection pattern to 
extend beyond a direct point-to-point solution. Applications, typically newly developed, that 
support the messaging interface with agreed-upon message formats (no transformation 
required) can use a message bus design with Publish / Subscribe. Publish / Subscribe 
enables a flexible many-to-many application integration design based on publishing 
messages of a certain topic that listeners receive through their subscriptions. 
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Aggregator Application Pattern 


•Business Driver 

An Informational Request, typically initiated by a user, is best 
delivered through process integration with the target 
applications rather than through data integration. 


Process Process 



Figure 7-10. Aggregator Application Pattern IN234.0 

Notes: 

The Aggregator application pattern facilitates multi-point requests for information 
integration between applications. 

This pattern is also applicable to the 1:1 application integration scenario where source and 
target do not adhere to the same message and interface formats and therefore require a 
transformation service in the EAI Infrastructure. In the latter case, this Application pattern is 
sometimes referred to as a Router application pattern. 

Note: In the patterns for e-business book the Aggregator application pattern is not 
included, but the Router subset of this pattern is described. 
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Aggregator Run-time Pattern 
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Figure 7-11. Aggregator Run-time Pattern IN234.0 

Notes: 

The Aggregator application pattern satisfies a request for information through integration 
with one or more target applications. Key components of this solution design include 
message transformation, content-based routing, and message decomposition / 
re-composition. 

Solution Design Components 

• Message Repository: The message repository is a dictionary of messages that includes 
application specific messages and standardized messages. The repository is integrated 
with the AD environment of the Integration Broker to facilitate data mapping definitions. 

• Directory: An integrated LDAP directory can be used for content-based routing 
decisions. Application information stored in the directory enables the integration broker 
to make routing decisions. 

• Integration Broker: The integration broker is the hub of the integration activity. It 
provides message transformation between the application formats, rules-based or 
directory-based message routing, and decomposition / recomposition of the Processing 
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Request and its associated acknowledgement. Persistence during the decomp / 
recomp process is provided by the integration broker attached database. 

Usage Scenarios 

Determining which services need to be exploited in a particular flow can be accomplished 
by use of the information in the table. 


7-20 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


Transactional Application Pattern 


•Business Driver 

Required when a processing request needs two-phase 
commit control over the resource/application updates. 


Process Process 



Figure 7-12. Transactional Application Pattern IN234.0 

Notes: 

The Transactional application pattern facilitates application integration that enables request 
for processing with two-phase commit coordination. 

Note: In the patterns for e-business book the Transactional application pattern is not 
included. 
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Transactional Run-time Pattern 



Figure 7-13. Transactional Run-time Pattern IN234.0 

Notes: 

The Transactional Run-time pattern implements a two-phase commit of the request from 
the source application against multiple target applications and databases. All the 
participating target resources must be XA-compliant resources that can support commit 
and rollback commands. Connectors or direct remote invocation can be used for the 
connection between the Integration Server and the target resources. 

Transactional Scope 

In addition to the number of target resources involved in the unit of work, it is extremely 
important to understand the breadth of the transactional scope. This scope can vary widely, 
assuming any of the following magnitudes: 

• Single Resource 

• Multiple Resources on a single Resource Manager 

• Multiple Resource Managers on a single system 

• Distributed Transaction Processing 
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Broker Application Pattern 


•Business Driver 

Required when a processing request requires coordinated 
execution of the integrated business process where: 

-Tight coupling is cost-prohibitive 

-It is acceptable that the operations complete but not under 
the control of a two-phase commit 


Process Process 



Figure 7-14. Broker Application Pattern IN234.0 

Notes: 

The Broker application pattern enables request for processing integration by using an 
integration broker to coordinate updates to backend systems. 
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Broker Run-time Pattern 



Figure 7-15. Broker Runtime Pattern IN234.0 

Notes: 

The Broker application pattern implements a processing request that requires updates to 
multiple target systems with loosely coupled interfaces. Together the messaging 
infrastructure and the integration broker provide a durable messaging environment where 
both the initial request and the specific requests to the target systems are delivered and 
executed once and once only. 

Solution Design Components 

• Message Repository: The message repository is a dictionary of messages that includes 
application specific messages and standardized messages. The repository is integrated 
with the AD environment of the Integration Broker to facilitate data mapping definitions. 

• Directory: An integrated LDAP directory can be used for content-based routing 
decisions. Application information stored in the directory enables the integration broker 
to make routing decisions. 

• Integration Broker: The integration broker is the hub of the integration activity. It 
provides message transformation between the application formats, rules-based or 
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directory-based message routing, and decomposition / re-composition of the 
Processing Request and its associated acknowledgement. Persistence during the 
decomposition/ recomposition process is provided by the integration broker attached 
database. 
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Managed Process Application Pattern 


•Business Driver 

Required when Business Process Management is needed to 
drive an extended business process. 

•Run-time pattern variations 
-Tightly Coupled BPM Process 
-Loosely Coupled BPM Process 
-Integrating Process Islands 


Process Process 



Figure 7-16. Managed Process Application Pattern IN234.0 

Notes: 

The Managed Process application pattern enables request for processing executing as an 
extended business process coordinated by the Business Process Management 
component. 
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Managed Process Run-time Pattern 
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Figure 7-17. Managed Process Run-time Pattern 


IN234.0 


Notes: 

The Managed Process application pattern extends the Transactional and Broker 
Application Patterns with the addition of a business process manager that drives a 
long-running business process. Extended workflow and sophisticated coordination and 
recovery logic can be implemented using this solution design. The extended process 
includes interaction with users, integration with packaged applications, updates to 
database resources, and invocation of legacy applications. The key component of this 
solution design is the Process Server or Business Process Manager (BPM). 

Preserving transactional integrity is a must for handling workflow processes that extend in 
duration beyond two processing requests. This situation is managed better by a BPM than 
a TP Monitor. Using a compensation sphere approach, the process modeling tool can 
create business processes with undo functionality to handle recovery conditions. An 
example of a business situation where these features might be required is canceling a flight 
reservation after it has been determined that all the hotels in the city are booked. 

The first Run-time pattern (Tightly Coupled BPM Process) defines an extended workflow 
where applications are tightly coupled to the process server. The process server invokes 
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applications through remote interfaces either directly or mapped through connector 
technology. Individual workflow activities are implemented using the specific interfaces of 
the target application. This tight coupling can become a limitation when a large number of 
applications need to be accessed. 

The second Run-time pattern (Loosely Coupled BPM Process) extends the first with the 
introduction of an Integration Server as discussed in the Broker application pattern. This 
Integration Server enables the process server to initiate process activities through a 
standard messaging interface that the Integration Server maps to each application's 
specific format. When the Integration Server handles message transformation, message 
routing, and message decomposition / recomposition, the Process Server is free to focus 
on the execution of the robust business process. 

As enterprises continue to automate and improve business processes using BPM, they 
discover the need to integrate pre-existing workflows into the overall business process. 
Many prepackaged applications contain a workflow solution as part of their functionality (for 
example, SAP R/3, Siebel). This, in combination with custom workflow solutions that 
organizations have constructed using products like Lotus Notes, indicates the need to 
integrate these process islands into a comprehensive business process. 
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Data-focused Application Patterns 


Used when applications need to share information 
•Four application patterns: 

-Propagation 
-Replication 
-Operational Data Store 
-Federated Repository 

•Pattern selection based on enterprise data topology and 
database affinity 
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Figure 7-18. Data-focused Application Patterns IN234.0 

Notes: 

When applications need to share information rather than coordinate processing, 
data-focused application integration is more appropriate than a process-focused approach. 
Note, however, that when the frequency of data update is extremely high (for example, 
when integrating an order entry system with a backend ERP system), process integration is 
the best solution. When this is not the case, however, integration of (application) data 
repositories is handled outside of any specific application request. 

In delineating data integration application patterns two key environmental questions should 
be asked: 

• Is the Enterprise Data Topology Centralized or Decentralized? 

- Centralized: This integration effort will bring about centralized access to all or a 
subset of the enterprise data model. 

- Decentralized: Applications will retain their isolated repositories but now with 
cohesion based on data integration. 

• What is the Database Affinity type? 
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- Homogeneous: all repositories are of the same type 

- Multivendor Relational: all repositories are relational with ODBC / JDBC support for 
interoperability but are from different vendors 

- Heterogeneous Structured: repositories are not all relational but all have a 
structured layout 

- Structured / Non-Structured: the need to integrate non-structured (for example, 
free-form text) with structured data sources 
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Propagation Application Pattern 


•Business Driver 

Required for data integration where one repository serves as 
the source of truth to others for a subset of the enterprise 
information model. 

•Runtime pattern variations 
-Direct Database Interaction 
-Packaged Software Integration 
-Multisourcing 



Figure 7-19. Propagation Application Pattern IN234.0 

Notes: 

The Propagation application pattern facilitates the coordinated movement of data between 
isolated application repositories. 

The main motivation for choosing this Application pattern is that this approach is 
completely non-invasive to applications. This is ideal for environments where changes to 
the application are impossible or highly undesirable (for example, packaged applications or 
legacy applications). Where no transformation is required, this Application pattern is 
sometimes known as Data Mirroring. 

Note: In the patterns for e-business book the Propagation application pattern is not 
included, but the Data Mirroring subset of this pattern is described. 
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Propagation Run-time Patterns 


Direct Database Interaction 
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Figure 7-20. Propagation Run-time Patterns 


IN234.0 


Notes: 

The Propagation application pattern integrates isolated repositories to enable shared 
information. One repository is the source and the other is the receiver. Good application 
design dictates that the applications interacting with the receiver database do not have 
update authority to the data being shared. This avoids change conflicts. There are 
acceptable exceptions to this rule, however. For example, price lists that are propagated 
from the central office out to each store can be updated by the store manager based on 
their best judgment for selling in that particular environment. In this scenario change 
conflict is contained since the changed prices do not flow back to the central office. 

The most basic example of this run-time pattern is direct propagation flow through 
interaction with the database management subsystems using ODBC or JDBC. The 
Integration Server provides the transformation process between the schema and semantic 
formats of each repository. In addition, it handles the differences between different types of 
structured data repositories (for example, mapping from Oracle to DB2, or from IMS to 
DB2). 
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The Direct Database Integration Run-time pattern works well when the source and target 
data sets are accessible directly through the database subsystem. However, there are 
cases where the data is either not accessible or not useful when accessed directly from the 
database. Certain packaged software vendors - for the very good reason of preserving 
application data integrity - do not allow updates directly to their database. Updates need to 
go through a load utility or application programming interface. Likewise on the source side, 
the schema is so highly normalized and application specific that extracting meaningful 
information from the database is nearly impossible. 

For these conditions, a second Run-time propagation pattern illustrates how Adapters can 
be used in concert with the Integration Server to provide a solution for propagating 
information through Application interfaces. 

The third Propagation Run-time pattern enables multisourcing in instances where the 
source for propagation is not one repository but is a set of different repositories. A 
multisourcing solution essentially needs to join together multiple sources at a point-in-time 
to instantiate the propagation data set. 
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Replication Application Pattern 


•Business Driver 

May be required for geographically dispersed applications 
using similar database technologies and schemas. It is 
needed by mobile workers who can not have direct access to 
the central repository. 



Figure 7-21. Replication Application Pattern IN234.0 

Notes: 

The Replication application pattern enables a coordinated bidirectional update flow of data 
in a multicopy database environment. 

Inherent support of replication by database products makes this an ideal solution for 
distributed environments. For homogeneous database environments, replication is very 
straightforward. 

Note: In the patterns for e-business book the Replication application pattern is not 
included. 
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Replication Run-time Pattern 



Figure 7-22. Replication Run-time Pattern IN234.0 

Notes: 

The Replication application pattern integrates homogeneous data repositories together 
using database replication technologies. This is a lower-cost alternative to implementation 
of a propagation process, as previously described, because replication is typically a feature 
of the database product or an add-on product. 

Key design points to consider when implementing a replication solution include: 

• Determining if the data repositories are of similar types 

• Determining if both the source and target repositories are supported by the replication 
technology 

• Determining if the data domain can be divided into spheres of control that will allow 
each application to update their version of the data without causing replication conflicts 

• Outlining a plan for resolving replication conflicts 
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Operational Data Store Application Pattern 


•Business Driver 

Required for the integration of multiple applications, each 
containing an information subset, into one common 
repository. 


Access 



Figure 7-23. Operational Data Store Application Pattern IN234.0 

Notes: 

The Operational Data Store application pattern serves as a centralized operational 
repository that aggregates the slices of information from various applications into a 
complete picture. 

It is ideally suited for situations where data isolation has become an inhibitor to enhancing 
business functionality. Under these conditions, when each individual application can only 
provide a partial point-in-time answer, the Operational Data Store (ODS) provides access 
to aggregated data across various business functions. It is also an ideal solution where the 
complexities of each application's data design dictates that direct access to a consolidated 
view is completely unachievable. 

Note that this Application pattern differs both in solution design and functionality from the 
Information Aggregation::Operational Data Store Combined run-time pattern. 
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Operational Data Store Run-time Pattern 
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Figure 7-24. Operational Data Store Run-time Pattern IN234.0 

Notes: 

The Operational Data Store application pattern enables an enterprise to move to a 
centralized operational repository. Typically not all the enterprise's data is migrated to this 
central repository. Instead it contains a key subset of the data that is accessed frequently 
by multiple applications. 

The data population process uses the same techniques as the multisourcing Propagation 
pattern described previously, but populates only the Operational Data Store (ODS) as the 
target repository. 
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Federated Repository Application Pattern 


•Business Driver 

Appropriate when an infrastructure for integrating data 
sources is needed without the need for propagation and 
additional repository. It can be driven by the need for unified 
information access by portal projects. 



Figure 7-25. Federated Repository Application Pattern IN234.0 

Notes: 

The Federated Repository application pattern creates a unified query interface into isolated 
structured and unstructured repositories. 

It is useful where relational data and text data need to be accessible through one common 
Web search interface. It is also applicable for the structured data-only solutions where the 
frequency of change of application data would prohibit an ODS solution. 

Note: In the patterns for e-business book the Federated Repository application pattern is 
not included. 
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Federated Repository Run-time Pattern 



Figure 7-26. Federated Repository Run-time Pattern IN234.0 

Notes: 

The Federated Repository application pattern offers a unified interface to multiple data 
sources with a federated search capability. The federated search capability is available for 
both structured information (data) and unstructured information (text documents) through 
one interface. Connectors to each of the target sources abstract the specific interface to 
each repository. This design, combined with the metadata repository, enables one query to 
be executed against multiple targets, returning one result set to the user. 
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Cross-Pattern Application Integration 


Patterns 

Being 

Integrated 

Self-Service 

Information 

Aggregation 

Collaboration 

Extended 

Enterprise 

Packaged 

Software 

Legacy 

Applications 

Self-Service 


Operational 
Data Store 

Direct 

Connection 

Broker or 
Propagation 

Aggregator or 
Broker 

Aggregator, 
Transactional, 
or Broker 

Information 

Aggregation 

Propagation 



Propagation 



Collaboration 

Propagation 



Propagation 

Propagation 

Propagation 

Extended 

Enterprise 

Broker or 
Propagation 




Aggregator or 
Broker 

Aggregator, 
Transactional, 
or Broker 

Packaged 

Software 





Aggregator or 
Broker 

Aggregator, 
Broker, or 
Propagation 

Legacy 

Applications 


r ' 

r ' 

Broker or 
propagation 

r i 

r 


Figure 7-27. Cross-Pattern Application Integration IN234.0 

Notes: 

Developing EAI solutions for integration between Business patterns is extremely important, 
because many e-business solutions are actually composites of multiple Business patterns. 

The table details which Application Integration application patterns can be used to integrate 
varying combinations of Business patterns. The table also includes information on the 
choice of Application pattern to use when integrating with packaged software products and 
legacy applications. Note that the table only includes information about the Application 
Integration pattern. The Access Integration pattern can also be used to connect Business 
patterns, and is a more appropriate choice when Business patterns need only be 
integrated at the user interface level. 
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Basic Communication Patterns 
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Figure 7-28. Basic Communication Patterns IN234.0 

Notes: 

According to the Gartner Group, these are the different ways in which applications can 
communicate with each other. Some of these have overlapping function. 

The conversational type is the same a either talk in UNIX or a chatroom on the Internet. 

The request and reply mechanism is the familiar method used by RPC technologies. 

Message passing is just about sending a message without worrying about any response or 
even that fact that it got there. 

Message queuing is the same model as receiving physical mail from the post office, except 
that the physical mail is not assured delivery -:) 

An example of publish and subscribe would be if several recipients were interested in an 
activity they could subscribe and when the activity is published then, the subscribers would 
be automatically informed of the activity. 
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J2EE Messaging Model 


•Java Message Server (JMS) is a Java API for messaging. 

•JMS/XA support is mandatory part of the J2EE 1.3 specification 
-Message processing becomes part of an extended transaction 
-However, transaction context should not flow with the message itself 

•Message production and message consumption's part of two separate transactions 

•Message-Driven Beans 

-Special Enterprise Beans oriented to processing messages 



Notes: 

Java Message Service (JMS) is a Java API that allows applications to create, send, receive 
and read messages. Servlets and EJBs can use JMS to send and receive messages 
to/from a messaging server. 

For compliance with J2EE 1.2, JMS support was mandatory, but JMS/XA was not. 
However, WebSphere Application Server 4.0 Advanced Edition had supported JMS/XA as 
a value-add feature. 

J2EE 1.3 introduced mandatory support for JMS/XA - the XA support makes it possible to 
protect both the message processing (put or get) and the business logic under the umbrella 
of an individual XA transaction. It has to be clearly understood that the transaction that 
produces an inbound message and the transaction that consumes that same message are 
two separate transactions. 

J2EE 1.3 introduced a new type of bean called Message driven bean. A message driven 
bean is an enterprise bean that allows J2EE applications to process messages 
asynchronously. An MDB consumes messages from queues and topics that are sent by a 
JMS Client. 
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Message Driven Beans Benefits 


•Automatic consumption of messages 
-No polling needed in the application code 
•Reduce application code 

•Leave JMS resource management to the container 
•Configuration of JMS destinations and providers 
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Figure 7-30. Message Driven Beans Benefits IN234.0 

Notes: 

Message-Driven Beans offer a standard way to create a message consumer that is fully 
managed by the container. The bean provider only needs to concentrate on writing the 
logic that performs the parsing and processing of the message. Typically, the MDB will 
delegate the execution of business logic to some other EJB - a Session EJB in most cases. 
However, no coding needs to be done to retrieve the message or poll the JMS destination - 
no specific coding is needed to provide quality of service (failover, parallel sessions, and so 
forth) - all this is up to the container to implement and provide. 
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IBM Business Integration Products 
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Figure 7-31. IBM Business Integration Products IN234.0 

Notes: 

WebSphere MQ (formerly MQSeries) provides assured, once-only delivery of messages 
between your IT systems. It connects more than thirty industry platforms including those 
from IBM, Microsoft, and Sun, using a variety of communications protocols. 

WebSphere MQ Integrator works with WebSphere MQ messaging, extending its basic 
connectivity and transport capabilities to provide a powerful message broker solution driven 
by business rules. Messages are formed, routed, and transformed according to the rules 
defined by an easy-to-use graphical user interface (GUI). 

Diverse applications can exchange information in unlike forms, with brokers handling the 
processing required for the information to arrive in the right place in the correct format, 
according to the rules you have defined. The applications have no need to know anything 
other than their own conventions and requirements. 

MQSeries Workflow works with WebSphere MQ messaging to add a further dimension to 
your business integration by aligning and integrating an organization’s staff resources, 
processes, and capabilities with business strategies. It enables organizations to accelerate 
process flow, optimize costs, eliminate errors and improve workgroup productivity. 
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MQSeries Workflow is designed to enable integration of all participants in the business 
process, including those external to your organization. It ensures the right information gets 
to the right person at the right time. 

MQSeries Workflow can be used in combination with WebSphere MQ Integrator, providing 
a high level of flexibility to allow business and message processing to be as simple or as 
complicated as your business demands. 

IBM CrossWorlds offers process integration solutions that easily extend with other IBM 
products -- helping maximize your company's flexibility to make you more competitive. 
Products include: 

• IBM CrossWorlds Interchange Server - a scalable, reliable and secure environment for 
business integration. 

• IBM CrossWorlds Connectors - help customers integrate their businesses by accessing 
and exchanging information between different applications and data sources that 
support business processes. 

• IBM CrossWorlds Collaborations - provide pre-built solutions for business process 
automation. 

• IBM CrossWorlds Tools - provide customers administrative and development support for 
system management, application connectivity and business process modeling. 

IBM Holosofx delivers a complete integrated business solution with Continuous Business 
Process Management software designed to identify, integrate, and manage 
business-relevant data in real time -- ensuring business operations perform to specified 
goals. Products include: 

• IBM Holosofx Workbench - Provides an easy-to-use process modeling tool for business 
managers and application developers. 

• IBM Holosofx Monitor - Displays actual real-time data from events created by IBM 
MQSeries Workflow during business process execution. 

• IBM Holosofx Workbench Server - Provides repository management and Web 
publishing capabilities to speed collaboration and access to business processes. 

WebSphere Business Integration is a software package which comprises the following 
software: 

• WebSphere MQ Integrator Broker and Tools 

• MQSeries WorkFlow and tools 

• IBM CrossWorlds Interchange Server and Full Toolset 
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WebSphere MQ Servers and Clients 



Client Machine 


Server Machine 


Figure 7-32. WebSphere MQ Servers and Clients IN234.0 

Notes: 

WebSphere MQ works on over 35 platforms, so you can connect any commercial systems 
in business today. It has a concept of a MQ server and a client. 

Server platforms for Version 5.3 include Windows, AIX, HP-UX, Sun Solaris, Linux on Intel, 
Linux on zSeries, iSeries, zOS. Other server platforms for older Version 5 products are 
Compaq NonStop Kernel, Compaq OpenVMS, Compaq Tru64 UNIX, OS/2 Warp, Sun 
Solaris on Intel. Additional server platforms for older versions include AT&T GIS UNIX, 
SINIX and DC/OSx, VSE/ESA. 

Client platforms include Windows (plus Windows 3.1 and Windows 95), DOS, OS/2 Warp, 
VM/ESA, OS/400 (Java applications only) and the UNIX platforms supported for the server 
(apart from Compaq Tru64 UNIX). 

A Version 5 client can connect to all queue managers, non-Version 5 as well as Version 5. If 
you are connecting to a non-Version 5 queue manager, you cannot use Version 5 features 
and structures in your WebSphere MQ application on the client. 
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An MQ program reads and writes to queues. An MQ program running in the client can only 
execute if the client is linked to a server with an active link. 

The WebSphere MQ programming interface is known as the message queue interface 
(MQI). The MQI includes 13 APIs, of which 7 are consistently used when developing 
applications. The MQI is available to applications running on the client platform; the queues 
and other WebSphere MQ objects are held on a queue manager that you have installed on 
a server machine. 
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WebSphere MQ Everyplace 


•Industry-strength messaging optimized for the mobile 
environment 

-Supports low-end devices, such as PDAs, telephones, and 
sensors 

-Operates efficiently in hostile communications environments 
where networks are unstable, or bandwidth is constrained 
-Network connectivity points can change as devices roam 
-Operates through suitably configured firewalls 
•Once and once-only assured delivery of messages 
•Permits message exchange with other WebSphere MQ family 
products 

•Extensive security features to protect messages, queues, and 
related data, in storage or in transmission. 

•Minimal administration 

•Easily customized and extended, using application-supplied 
rules 


Figure 7-33. WebSphere MQ Everyplace IN234.0 

Notes: 

WebSphere MQ Everyplace provides industry-strength messaging optimized for the mobile 
environment: 

• Asynchronous and synchronous messaging 

• Authentication, encryption, non-repudiation and compression 

• Automatic channel management 

• Built-in comprehensive security features 

• Object messaging (data and function) 

• Once-only assured delivery 

Compliments the WebSphere Everyplace Access offering by providing assured message 
delivery to this comprehensive mobile middleware offering. 

Extends other Application Connectivity offerings to the mobile environment: 

• WebSphere MQ 

• WebSphere MQ Integrator Broker 

• WebSphere MQ Event Broker 
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Flexible, customizable messaging 

• Access to local and remote queues 

• Client-server and peer-to-peer messaging support 

• Customizable device footprint 

• Designed to pass through firewalls 

• Direct and indirect routing 

• Message push and message pull 

• Pluggable queue and communications adapters 

• Rule-based operations 

Broad support for languages, platforms and environments 

• C implementation 

• Java implementation 

• JMS API (for point-to-point messaging) 

• JMX support via a SupportPac 

• Microsoft Windows XP (Professional Edition) support 

• Pocket PC 2002 support 

• Small footprint (code and wire protocol) 

WebSphere MQ Everyplace is available in two editions: 

• Network Edition for integrating mobile and wireless devices with the enterprise 

• Retail Edition for integrating retail store controllers and point of sale with head office 
systems 

WebSphere MQ Everyplace extends the messaging scope of the WebSphere MQ family 

by: 

• Supporting low-end devices, such as PDAs, telephones, and sensors. WebSphere MQ 
Everyplace also supports intermediate devices such as laptops, workstations, 
distributed, and host platforms. WebSphere MQ Everyplace offers once and once-only 
assured delivery of messages, and permits message exchange with other family 
members. 

• Offering lightweight messaging facilities. 

• Providing extensive security features to protect messages, queues, and related data, 
whether in storage or in transmission. 

• Operating efficiently in hostile communications environments where networks are 
unstable, or where bandwidth is tightly constrained. WebSphere MQ Everyplace has an 
efficient wire protocol and automated recovery from communication link failures. 

• Supporting the mobile user, allowing network connectivity points to change as devices 
roam. WebSphere MQ Everyplace also allows control of behavior in conditions where 
battery resources and networks are constrained. 

• Operating through suitably configured firewalls. 

• Minimizing administration tasks for the user. This makes WebSphere MQ Everyplace a 
suitable base on which to build utility-style applications. 

• Being easily customized and extended, through the use of application-supplied rules 
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Exercise Introduction 



Figure 7-34. Exercise Introduction IN234.0 

Notes: 
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Unit Summary 

•Application Integration Pattern 
-Process-focused application patterns 
-Data-focused application patterns 
•J2EE messaging support 
-JMS, JMS/XA and message driven beans (MDB) 
•IBM Business Integration products 
-WebSphere MQ 
-WebSphere MQ Everyplace 
-WebSphere MQ Integrator 
-MQSeries Workflow 
-IBM Crossworlds 
-IBM Holosfx 


Figure 7-35. Unit Summary IN234.0 

Notes: 
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Unit 8. Creating a Design for Security and 
Performance 

What This Unit Is About 

This unit enables students to create an e-business application design, 
which will address issues of performance and security. 

What You Should Be Able to Do 

After completing this unit, you should be able to: 

• Create a pattern-based design using provided templates and 
simple notation conventions 

• Discuss performance issues in e-business applications 

• Describe the basic flow of access and information for a 
Self-Service application design 

• Explain the differences between workload elements 

• Describe product functions for: 

- Tivoli Access Manager for e-business (TAM) 

- IBM WebSphere Edge Server 

• Explain integration issues for combining TAM, Edge Server, and 
WebSphere workload management and security functions in a 
design 


How You Will Check Your Progress 

Accountability: 

• Case Study exercise 


References 


ISBN 1-931182-02-7 

Patterns for e-business: A Strategy for Reuse 

http://www- 106 .ibm.com/developerworks/patterns/ 

Patterns for e-business 
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Unit 8. Creating a Design for Security and 
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Figure 8-1. Unit 8. Creating a Design for Security and Performance IN234.0 

Notes: 
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8.1 Creating a Design for Security and Performance 
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Unit Objectives 


After completing this unit, you should be able to: 

•Create a pattern-based design using provided templates and 
simple notation conventions 

•Discuss performance issues in e-business applications 
•Describe the basic flow of access and information for a Self- 
Service application design 

•Explain the differences between workload elements 
•Describe product functions for: 

-Tivoli Access Manager for e-business (TAM) 

-IBM WebSphere Edge Server 

•Explain integration issues for combining TAM, Edge Server, 
and WebSphere workload management and security functions 
in a design 


Figure 8-2. Unit Objectives IN234.0 

Notes: 
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What is Performance Tuning? 


•What is Performance? 

-High throughput? 

-Fast response time? 

-Low latency? 

-High utilization? 

-Efficiency? 

•What is good performance? 

-Depends upon your requirements and goals 
•What is Tuning? 

-Changing the architecture, environment, or parameters of a 
system in an attempt to improve performance 
•Performance Tuning is an attempt to alter the run-time 
characteristics of an application to meet specific goals 



Figure 8-3. What is Performance Tuning? IN234.0 

Notes: 

There are a lot of metrics we could use to define performance, but what will define 
acceptable performance for a given application will be the requirements and specifications 
that should have been set during the architecture and design phase of the development 
process. 

Tuning involves changing or tweaking the settings of any of the pieces of a distributed 
architecture in an effort to improve performance. 

Once performance characteristics are defined for a given application/system you can 
attempt to tune it to perform better, aka performance tuning. 
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Common Performance Patterns 


•Amortization 

-Spread overhead across many uses to reduce the average 
cost (connection pooling) 

•Caching 

-Keep frequently accessed data readily available 
•Profiling 

-Review heavily used code (application profiling) 
-Understand users' behavior and tendencies 
•Parallel Processing 

-Break tasks into pieces (multithreading, SMP) 

•Simplicity 

-Use the KISS method 

-Reduce the size and complexity of systems 


Figure 8-4. Common Performance Patterns IN234.0 

Notes: 

These are not the only performance patterns out there, but they are some of the more 
prevalent out there. Not surprisingly, these patterns work well in most optimization 
situations 

• Amortization - in a word, reuse. If you can reuse something without constantly creating 
or destroying it, that should reduce the amount of preparation and cleanup and allow 
more time for real work. 

• Caching - reuse again. Storing frequently used data where we need it and not having to 
retrieve it should reduce the time it takes to complete the process and send a response. 
This only works if the data isn't constantly changing. 

• Profiling - Finding the most frequently used parts of a site and the most frequently used 
code that supports those areas can help us optimize those areas(even at the expense 
of other areas sometimes) because they will have the highest impact on the end user 
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• Parallel Processing - Break a complex task into many small pieces and run them at the 
same time if they don't depend on information from one another. If we have the 
memory and processing power this can be a great choice. 

• Simplicity - Don't make things more complicated than they need to be. Simplicity has 
many benefits, and having architectures and applications that you can understand is 
certainly one of them. 
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WebSphere Edge Server 



Figure 8-5. WebSphere Edge Server IN234.0 

Notes: 

WebSphere Edge Server distributes application processing to the edge of the network 
under centralized administrative and application control. Edge Server provides an 
integrated solution for load balancing, static and dynamic caching, application offload, 
content distribution, enhanced security, and transactional quality of service all under 
centralized administrative and application control. 

WebSphere Edge Server has been integrated into WebSphere Application Server V5 
Network Deployment and Enterprise as the Edge Components. 

The Caching Proxy component (previously known as Web Traffic Express), is a server that 
provides highly scalable caching and filtering functions used in receiving requests and 
serving URLs. Since tunable caching is capable of supporting high cache hit rates, this 
component can reduce bandwidth costs and provide more consistent rapid customer 
response times. Additionally, the Caching Proxy is programmable via plug-ins, and it 
caches and invalidates dynamic content generated by the IBM WebSphere Application 
Server’s dynamic cache. 
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The load balancing component, known as Network Dispatcher, is a server that is able to 
dynamically monitor and balance TCP servers and applications in real time. It improves a 
Web site’s availability, scalability and performance by transparently clustering edge, Web 
and application servers. The main advantage of the load balancing component is that it 
allows heavily accessed Web sites to increase capacity, since multiple TCP servers can be 
dynamically linked in a single entity that appears in the network as a single logical server. 

The Content Distribution Framework provides an infrastructure that can be used to 
distribute static, dynamic, and multimedia Web content, along with application components 
to production servers, rehosting servers and edge server caches throughout the network. 

Application Offload: A typical Web application setup consists of three tiers: Presentation, 
Business logic, and Data Store, colocated at the origin application server. Application 
Offload moves some of the Presentation and Business logic related processing to the edge 
of the network. It enables the Edge Server to perform page composition from cached and 
rehosted fragments and Web objects. 


© Copyright IBM Corp. 1999, 2003 Unit 8. Creating a Design for Security and Performance 8-9 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


Load Balancing 



Figure 8-6. Load Balancing IN234.0 

Notes: 

The Network Dispatcher component performs load balancing of TCP packets. 

The client sends a packet to the Network Dispatcher. 

The Network Dispatcher picks the best server based on active connections, new 
connections, the advisor and ISS (which can be used to provide detailed load information 
about the server machines or applications to influence the weightings used when 
distributing requests). 

The Network Dispatcher changes the packet destination MAC address and forwards the 
frame to the server. This means that the return IP address will remain the client IP address 
so the returned packet (which will usually be significantly larger than the request packet) 
will go direct to the client without passing through the Network Dispatcher. 
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Load Balancing with Session Affinity 


Connection Table 
connl - Sticky 
conn2 - Sticky 



Network 



Dispatche 



If the application must be stateful (return to 
the same server) the session affinity can be set. 






Client 

(Browser) 





Web 
Server 1 






Web 
Server 2 





Web 

Server 3 


Shared 

FilfiQ 






Content 


Figure 8-7. Load Balancing with Session Affinity IN234.0 

Notes: 

In many applications it is important that all requests that belong to the same session are 
sent to the same server. 

Network Dispatcher supports this using session affinity. In the connection table maintained 
by the Network Dispatcher the sticky bit can be set. All requests associated with the 
connection will be sent to the same server. 
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Security Requirements and Technologies 


^^\[Requirement 

T echnology^\ 

Confidentiality 

Integrity 

Authenticity 

Authorization 

Accountability 

SSLv3 

Y 

Y 

Y 

N 

N 

Digital Signature 

Y 

(w/key) 

Y 

Y 

(w/key) 

N 

Y 

(w/key) 

Firewall 

N 

(IPSec) 

N 

(IPSec) 

N 

Y 

N 

(Identity) 

Certificates and 
Authorities 

N 

Y? 

Y 

(ID Verification) 

N 

N 

SET 

Y 

Y 

Y 

Y 

Y 

UID/PW 

N 

N 

Y 

N 

N 

Web Server 

N 

(SSL) 

N 

(SSL) 

Y 

Y 

Y 

Browser 

N 

(SSL) 

N 

(SSL) 

N 

N 

N 

VPN (IPsec) 

Y 

Y 

Y 

rSysteml 

N 

N 

Anti-Virus 

N 

N 

(Viruses) 

N 

N 

N 

Directories 

N 

N 

Y* 

Y* 

N 

WebSphere 

Y 

Y 

Y 

Y 

N 


Figure 8-8. Security Requirements and Technologies IN234.0 

Notes: 

The need for Confidentiality, Integrity, Authentication, Authorization, and Accountability 
(CIAAA) for either sites or traffic defines your security requirements. You choose the 
technology that meets the requirements. 
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Secure Sockets Layer (SSL) 



Web 



Secure Sockets Layer 
TCP/IP Layer 


Network Layer 


Figure 8-9. Secure Sockets Layer (SSL) IN234.0 

Notes: 

SSL provides connection security through: 

• Communication privacy - the data on the connection can be encrypted. 

• Communication integrity - the protocol includes a built-in integrity check. 

• Authentication - the server can authenticate to the client through the passing of a digital 
certificate. 

SSL runs above TCP/IP and below high-level application protocols. 
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Lightweight Directory Access Protocol (LDAP) 


Application Client 


LDAP Directory Server 



Optimized 
for read 


LDAP Reply Message 


Four models upon which LDAP is based 

• Informational - Describes the structure of stored information 

• Naming - Describes how information is organized and identified 

» Functional - Describes what operations can be performed on the information 

• Security - Describes how to protect information from unauthorized access 


Figure 8-10. Lightweight Directory Access Protocol (LDAP) IN234.0 

Notes: 

Lightweight Directory Access Protocol (LDAP) in based on the X.500 standard. LDAP is an 
extensible, vendor-independent, network protocol standard - it supports hardware, 
software, and network heterogeneity. An LDAP-based directory supports any type of data. 
You may configure an LDAP-based directory to play essentially any role you wish. 

LDAP directories are typically used as user registries to store user authentication, profile 
and access control information. 
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LDAP Information Model 



Figure 8-11. LDAP Information Model IN234.0 

Notes: 

LDAP is a directory service, not a database. Therefore, the information in an LDAP 
directory is usually descriptive, attribute-based information. LDAP users generally read the 
information in the directory much more than they change it. 

The LDAP information model is based on entries (which are also referred to as objects). 
Each entry consists of one or more attributes, such as a name or address, and a type. The 
types typically consist of mnemonic strings, such as cn for common name or mail for 
e-mail address. 

Each directory entry also has a special attribute called objectClass. This attribute controls 
which attributes are required and allowed in each entry. This means that the values of the 
objectClass attribute determine the schema rules the entry must obey. 

LDAP is designed to run directly on the TCP/IP stack. It is a vendor-independent open 
network protocol standard. Since LDAP is a standard, a client to an LDAP server does not 
need to know how the server stores the information. 
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Java 2 Security Overview 


•Fine-Grained Access Control Mechanism 

-Provides protection for resources based on policy: 

•Examples: File I/O, Network Connections (Sockets), Property files, etc. 
-Policy defined by a set of permissions available for code 
from various signers or location 
-Code organized into individual protection domains 



Figure 8-12. Java 2 Security Overview IN234.0 

Notes: 

Java 1.0.x Security was based on the Sandbox Model where the Sandbox restricts the 
execution of bytecodes and provides a local namespace ensuring untrusted code cannot 
interfere with the running of other programs. 

Java 1.1 .x Security extended this to support signed code. If downloaded (remote) code is 
digitally signed and the signature key is trusted by the system, the code will be run as local 
code. If the signature is not trusted or the code is not signed, the code will still run in the 
Sandbox and be restricted. 

Java 2 Security provides fine-grained access control based on domains. 

A domain can be scoped by the set of objects that are currently directly accessible by a 
principal, where a principal is an entity to which permissions are granted. The sandbox 
utilized in JDK 1.0 is one example of a protection domain with a fixed boundary. A domain 
conceptually encloses a set of classes whose instances are granted the same set of 
permissions. Protection domains are determined by the policy currently in effect. The Java 
application environment maintains a mapping from code (classes and instances) to their 
protection domains and then to their permissions. Decision of granting access to controlled 
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resources: current execution context - current sequence of method invocations (sequence 
of protection domains), a request for access is granted if, and only if, every protection 
domain in the current execution context is granted the said permission. 

Policies are defined in policy files which must be included with the application when it is 
deployed in the application server. 
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JAAS 


•Programmatic interface to establish identity and perform authorization 

-Standard extension to the JDK 1.3 release (incorporated into JDK 
1.4) 

•JAAS Authentication based on the Pluggable Authentication Module 

(PAM) 

-JAAS Authentication can be make use of any authentication 
technology 

•Traditional user/password, but also fingerprint or iris recognition, .... 

-WAS JAAS Authentication service implemented the JAAS 
framework with the WAS Authentication security mechanisms: Local 
OS and LTPA 

•JAAS Authorization extends the Java 2 Security framework 

-Java2 Security is code centric 

• Permission given to the code base and to whom created (signed) the code 

-JAAS is user centric 

• Uses Java2 Security policies to give permissions based on whom is running the code 

• Independent of the implementation of the JAAS Authentication service. 


Figure 8-13. JAAS IN234.0 

Notes: 

Java Authentication and Authorization Service (JAAS) is an alternative to the built-in 
security support in WebSphere allowing programmatic authentication and authorization to 
be used within an application. 

Pluggable Authentication Module (PAM) frameworks allow for authentication methods to be 
implemented without changing any of the login services, reducing the effort in using new 
authentication technologies. With PAM, applications remain independent from underlying 
authentication services. 

New authentication modules for things such as smart cards and other devices can be 
easily added based on the PAM framework. PAM also enables Solaris to work in 
environments where multiple security mechanisms are in place. 
http://java.sun.com/security/jaas/doc/pam.html 

With Java 2 Security, you only have the ability to distinguish running code based on where 
it came from and who signed it. JAAS extends this support by adding the ability to provide 
access based on the identity of the user actually running the code. 
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J2EE Security - EJBs 



Bob Mary 

ROLE BINDING 


4. Security role binding 


METHOD PERMISSIONS 


ROLE 

METHODS 

Customer 

getBalance() 

Teller, Manager 

getBalance, setBalance 

Manager 

create ✓ 

2. Assign method permissions 



getBalance 


Bank Bean (Method C set Balance 


Method 


create 


ROLE 

USERS/GROUPS 

Customer 

Clients, Jack 

Teller 

Mary, Bob 

Manager 

Mary 



1. Security roles 


3. Security roles refs 

SECURITY ROLE REFERENCES 


\ Internal Name 

Application Role 

\ Supervisor 

Manager 


public getBalance (...) { 


if (isCallerinRole("Stype/v/sor")) 
Perform function... 


Figure 8-14. J2EE Security - EJBs IN234.0 

Notes: 

With J2EE 1.2, you have the ability to use a role based security model programmatically or 
administrative in your applications. You can define security roles which can be used to 
restrict access to specific methods in your Enterprise bean or within the methods. The 
model offers flexibility as the roles you define do not have to match roles in your production 
environment. Security Role-References allow for bindings to be made at installation time 
to references in the application to the actual roles in the production server. 

Under J2EE 1.3, security enhancements in the EJB 2.0 specification offer increased 
features and functionality. With EJB 2.0 you can specify a specific role to secure a method, 
avoid checking (uncheck) for security, or exclude the method from being called. For 
compliance with the specification you must specify at least one of these settings. 
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J2EE Security - Servlets, JSPs 



SECURITY CONSTRAINTS 



doPut 


doPost 


Method c 


doGet 


4. Specify Sec. Role Bindings 


ROLE BINDING 


ROLE 

USERS/GROUPS 

Customer 

Clients, Jack 

Teller 

Marv, Bob 

-JUanaaer 

Marv 


ROLE 

METHODS 

URI 

Customer, 

Teller 

POST 

/servlet/Welcome/* 

Teller 

POST, PUT 

/servlet/Account/* 

Manager 

POST, DELETE, 
PUT 

/jsp/* 

2. Specify Sec. Constraints 




3. Specify Sec. Role Ref. 


SECURITY ROLE REFERENCES 


Internal Name 

Application Role 

Supervisor 

Manager 


public doGet (...) { 

if (userlnRolef Supervisor")) 
Perform function... 

else 

Throw SECURITY-ERROR 


Figure 8-15. J2EE Security - Servlets, JSPs IN234.0 

Notes: 

For Web resources such as Servlets and JSPs, under the J2EE 1.3 specification the 
Roles-based security model is also possible. The implementation works as it does for 
securing Enterprise Beans in that you can secure specific URLs administratively or 
programmatically within your Servlets or JSPs. Just as with securing Enterprise Beans, you 
can use a role within your application which does not exist in the production environment. 
Security Role-References are used to bind the roles in the application to those in the 
production server. 

Note: Only Servlet/JSP Web resources are protected by WebSphere 4.0 security. HTML 
resources are not protected. 
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Common Secure Interoperability M2 Overview 


•OMG standard for the CORBA distributed security service 
-Part of J2EE 1.3 requirements 

-Open, secure interoperability framework common across 
CORBA servers 

-Transport Security: SSL/TLS used to provide message 
protection and authentication 
-Attribute Security: Such as delegation, identity assertion 
based on trust relationship 

CSIv2 Security Architecture 
Identity Assertion 

Service Context Layer Client Authentication 


Message Protection 

Transport Layer Target-to-Client Authentication 

Client Authentication 


Security Attribute Layer 

Supplemental Client 
Authentication Layer 

SSL/TLS 


Figure 8-16. Comm Secure Interoperability V2 Overview IN234.0 

Notes: 

Transport Security. 

The industry security transport standard such as SSL/TLS or SECIOP is predicated to 
provide a common security mechanism to provide the following functions: 

• Message protection to protect GIOP message header with the input and output 
arguments. 

• Target-to-client authentication to identify the target for the purpose of ensuring the 
target is the intended target. 

• Client-to-server authentication to identify the clients. 

• Client Authentication above Transport Layer 

It is not practical for the server to authenticate the client in the SSL/TLS transport layer with 
the client's certificate in a multiple client users environment because it requires a separate 
SSL socket is opened for each client. The CSIv2 specification provides a security 
mechanism for the server to authenticate the client above the transport layer. A common 
SSL socket can be opened between a client process and a server process. Then, multiple 
client identities(uid/password or credential tokens) can be sent through this common SSL 
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socket to the server to establish the security association between each client user and the 
server. The server can identify the client user with the third party authentication server. The 
GIOP service context service is used to form a security context to establish a secure 
association between the client user and the server process for the duration time of a single 
message(stateless) or multiple request/reply messages(stateful). 

Identity Assertion: The authentication operation is a very expensive secure operation. It is 
more efficient to provide the Identity Assertion service based on the trust relationship of 
one server to another to provide a fast identity verification for the clients. 

The CSIv2 specification provides the Identity Assertion by specifying the client's identity in 
the attribute service layer. The server can verify the identity of the clients based on its trust 
relationship with the middle server and the its trust rules. 

Privilege Attributes: The CSIv2 specification also provides privilege attribute security 
interoperability between the clients and the servers. It will not, however, be implemented in 
the WebSphere v5 release because it is not required under the conformation level 0 
requirement. 

http://www.omg.org/technology/documents/formal/omg_security.htm 


8-22 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


WebSphere Security Overview 


WebSphere 
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Platform Security 


JVM Security 


OS Security 


Figure 8-17. WebSphere Security Overview IN234.0 

Notes: 

In WebSphere Application Server there is security at many different levels. 

Operating System Security - The security infrastructure of the underlying operating system 
provides certain security services to the WebSphere Security Application. This includes the 
file system security support to secure sensitive files in WebSphere product installation. The 
WebSphere system administrator can configure the product to obtain authentication 
information directly from the operating system user registry, for example the NT Security 
Access Manager - SAM. 

JVM 1.3 - The JVM security model provides a layer of security above the operating system 
layer. 

CORBA Security - Any calls made among secure ORBs are invoked over a Secure 
Association Service (SAS) layer that sets up the security context and the necessary quality 
of protection. After the session is established, the call is passed up to the enterprise bean 
layer. 
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J2EE Security - The security collaborator enforces J2EE based security policies and 
support J2EE security APIs. 

WebSphere Security - WebSphere security enforces security policies and services in a 
unified manner on access to Web resources and enterprise beans. It consists of 
WebSphere security technologies and features to support the needs of a secure enterprise 
environment. 

Note: Security Attribute Service (SAS) in CSIv2 is different from Security Association 
Service (SAS) which was IBM proprietary protocol before CSIv2. 
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WebSphere V4 Security Review 



Figure 8-18. WebSphere V4 Security Review IN234.0 

Notes: 

In WebSphere Application Server V4 security could be enabled in a number of different 
ways. 

Traffic between the HTTP Server and the Web Container can be encrypted via SSL. 

Requests from Java Client Applications to Enterprise Beans can be secured using IBM 
SAS (Secure Association Service). 

Applications can be secured using the J2EE roles-based security model. With this security 
model you associate specific roles to specific methods. You then can assign users to roles 
allowing access to the methods. The roles can also be used programmatically within your 
application. 

For authentication a number of different mechanisms are possible for WebSphere v4. 
Native OS, LDAP, and custom authentication mechanisms can be used with a 
corresponding repository. 
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WebSphere V5 Security 



Figure 8-19. WebSphere V5 Security IN234.0 

Notes: 

In WebSphere v5 Security, there are some significant enhancements and new features. 

The Security Server, which can handle the authentication and authorization for your 
applications runs in every managed process offering scalability and a reduction of the 
Admin Server as a single point of failure. 

Java Authentication and Authorization Service (JAAS) is also supported offering flexibility 
in authorization and authentication programmatically within you application. 

Common Secure Interoperability Specification (CSIv2) is also supported enabling 
interoperable authentication, delegation, and privileges by offering a secure protocol above 
the transport layer. 
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WAS User Registries 


WebSphere Runtime 


Security 

Server 



Local OS 
Authentication 
Layer 


LTPA 

Authentication 

Layer 


[WebSphere Provided 
] Custom Provider 


Pluggable 

Custom 

Authentication 

Layer 


Local OS 
User Registry 


LDAP 

User Registry 


Custom 
User Registry 


Figure 8-20. WAS User Registries IN234.0 

Notes: 

Within the Security Server, authentication is performed with one of a number of different 
User Registries. There is a definite line between authentication and User Registries which 
allows for a number of different possibilities for authentication. 

• Operating System 

- Windows NT/2000: Domain, Workgroup 

- UNIX:/etc/password 

• LDAP 

- Any LDAP Server using industry standard schema 

- IBM SecureWay, Netscape, ActiveDirectory, Domino 

• Custom 

- Write your own registry by implementing our interfaces 

- New addition in WebSphere 4.0 AE 

- Implemented as LTPA 

- Allows WebSphere applications to take advantage of new registries 
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Lightweight Third-Party Authentication (LTPA) 


1. Request 


m- 


2. Challenge User for 
Authentication 
<4 - 

3. User 
Authenticates 


7. Create authToken cookie; 
serve the request 


8. Pass User Credentials (token) 
to EJS when invoking methods 
on EJBs 


9. Pass token over 
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WebSphere 
Application 
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4. Authenticate (authenticationData) 

J 


5. Verify userid/password using 
LDAP user registry 


6. Issue Authentication Token 



Security Server that contains the 
Authentication Token Server 


Stored User 
Information 


Figure 8-21. Lightweight Third-Party Authentication (LTPA) IN234.0 

Notes: 

Lightweight Third-Party Authentication (LTPA) can be enabled for security authentication in 
WebSphere Application Server. This protocol uses tokens to share authentication 
information between components so that the user is not challenged multiple times. 

Once a user has authenticated, the token server creates a unique token and the token is 
stored in a cookie so that it is passed back to the server in each HTTP request. This cookie 
is encrypted using Triple-DES (158-bit). 

HOP stores the token in the current context so that it is passed along to all application 
servers that may be involved in handling a request. 

An LDAP directory service is used to provide the user registry. IBM SecureWay Directory is 
included with WebSphere Application Server Advanced Edition. Other LDAP directories are 
also supported. 

In WebSphere Application Server V3 and V4, the Admin Server provides the LTPA security 
server component. In V5 the node agent provides this function. 
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Single Sign On (SSO) 


•Works in conjunction with LTPA. 

•Issues cookies to Web browser to track user authentication 
information. 

•Provides for SSO within or even between WebSphere 
Application Server domains. 

•Required for practical use of custom login. 



Figure 8-22. Single Sign On (SSO) IN234.0 

Notes: 

LTPA allows Single Sign On so that the client does not need to be reauthenticated when 
accessing different servers or applications. 

The first request establishes the LTPA token which is stored with single sign on information 
in a SSO cookie in the client. 

Subsequent requests will check for the existence of the SSO cookie and use it for 
authentication instead of sending an authentication request to the client. 
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IBM SecureWay Directory Server 


•Allows creation of integrated, network- aware e-business 
applications 

-IBM middleware integrated via SecureWay Directory 
-Based on DB2 UDB for scalability and availability 
•Meta-Directory for directory synchronization with non-LDAP 
environments 

•Enables enterprise-wide directory management 
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Figure 8-23. IBM SecureWay Directory Server IN234.0 

Notes: 

IBM SecureWay Directory Server is an LDAP directory server which allows the creation of 
integrated, network-aware e-business applications. 

IBM middleware is integrated via the SecureWay Directory and SecureWay Directory is 
bundled as the directory component of various Tivoli and IBM WebSphere products. 

SecureWay directory includes meta-directory functionality to enable synchronization with 
non-LDAP environments. 

SecureWay Directory includes DB2 UDB for scalability and availability of the directory data 
store. 
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Tivoli Access Manager for e-business 


•Policy-based access control solution for e-business and 
enterprise applications 

•Control both wired and wireless access to applications and 
data 

•Keeping unauthorized users out while delivering a secure 
personalized e-business experience for authorized users 
•Integrate security for key CRM, ERP, and SCM e-business 
solutions 

•Secure J2EE-conforming applications running on WebSphere 
Application Server or BEA WebLogic Server 
•Includes Web proxy, plus plug-ins for Web servers and 
WebSphere Edge Server 


Figure 8-24. Tivoli Access Manager for e-business IN234.0 

Notes: 

IBM Tivoli Access Manager for e-business is a policy-based access control solution for 
e-business and enterprise applications. It uniquely addresses the challenges of e-business 
security, enabling new and rapidly scaling e-business initiatives to reach new markets and 
customers. It also addresses managing growth and complexity, controlling escalating 
management costs, and directly tackles the difficulties of implementing security policies 
across a wide range of Web and application resources. IBM Tivoli Access Manager for 
e-business helps companies by reducing deployment time and cost for new e-business 
applications. 

IBM Tivoli Access Manager for e-business lets organizations control both wired and 
wireless access to applications and data; keeping unauthorized users out. IBM Tivoli 
Access Manager for e-business integrates with e-business applications to deliver a secure 
personalized e-business experience for authorized users. IBM Tivoli Access Manager 
Version 3.9 includes integrated security for key CRM, ERP, and SCM e-business solutions, 
as well as enhancements for securing J2EE-conforming applications running on 
WebSphere Application Server or BEA WebLogic Server. With Tivoli Access Manager for 
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e-business, partners, customers, suppliers and employees can secure access to 
business-critical applications and data for highly available and scalable transactions. 

IBM Tivoli Access Manager for e-business enables you specifically to: 

• Achieve superior return on investment by eliminating the need to manage user identities 
and security policies within each application 

• Improve customer relationships through unified access management and secure single 
sign-on 

• Avoid proprietary and unwieldy solutions and achieve rapid time to value through 
standards-based access control and J2EE support 

• Leverage out-of-the-box integration with CRM applications from Siebel and ERP 
solutions from mySARcom, as well as key portal solutions from Plumtree, Epicentric, 
WebSphere and BEA 

• Manage Web security in a way that conforms to your operation, both in terms of 
delegation of user, group, role, policy and application access provisioning tasks, and in 
terms of the choice of user registry (with options including Microsoft Active Directory, 
iPlanet Directory Server, and IBM SecureWay Directory) 

• Achieve high availability, with a solution that scales to millions of users 

Tivoli Access Manager for e-business is an enhanced combination of two previous 
products: Tivoli Policy Director and Tivoli Policy Director-Application Servers. 
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Tivoli Access Manager WebSEAL 


•Supports multiple authentication methods 
•Integrates Access Manager Authorization service 
•Manages fine-grained control of Web resources 
•Handles a variety of resource types 
•Incorporates and secures backend server resources 
•Unifies protected Web resource space 
•Provides single sign-on capabilities 
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Figure 8-25. Tivoli Access Manager WebSEAL IN234.0 

Notes: 

IBM Tivoli Access Manager WebSEAL is a security manager for Web-based resources. 
WebSEAL is a high performance, multithreaded Web server that applies fine-grained 
security policy to the protected Web object space. WebSEAL can provide single sign-on 
solutions and incorporate backend Web application server resources into its security policy. 

WebSEAL normally acts as a reverse Web proxy by receiving HTTP/HTTPS requests from 
a Web browser and delivering content from its own Web server or from junctioned back-end 
Web application servers. Requests passing through WebSEAL are evaluated by the Tivoli 
Access Manager authorization service to determine whether the user is authorized to 
access the requested resource. 

WebSEAL provides the following features: 

• Supports multiple authentication methods Both built-in and plug-in architectures allow 
flexibility in supporting a variety of authentication mechanisms. 

• Accepts HTTP and HTTPS requests 
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• Integrates and protects back-end server resources through WebSEAL junction 
technology 

• Manages fine-grained access control for the local and back-end server Web 
spaceSupported resources include URLs, URL-based regular expressions, CGI 
programs, HTML files, Java servlets, and Java class files. 

• Performs as a reverse Web proxyWebSEAL appears as a Web server to clients and 
appears as a Web browser to the junctioned back-end servers it is protecting. 

• Provides single sign-on capabilities 

The connection between a WebSEAL server and a backend Web application server is 
known as a WebSEAL junction. A WebSEAL junction is a TCP/IP connection between a 
front-end WebSEAL server and a backend server. The backend server can be another 
WebSEAL server or, more commonly, a third-party Web application server. The backend 
server Web space is connected to the WebSEAL server at a specially designated junction 
(mount) point in the WebSEAL Web space. 


8-34 Designing Integrated Solutions © Copyright IBM Corp. 1999, 2003 

Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 




Student Notebook 


Tivoli Access Manager Plug-in for Edge Server 



Figure 8-26. Tivoli Access Manager Plug-in for Edge Server IN234.0 

Notes: 

The IBM Tivoli Access Manager Plug-in for Edge Server adds authentication and 
authorization functionality to the IBM WebSphere Edge Server product. When implemented 
as an authorization service in your secure domain, this plug-in can provide single sign-on 
solutions to resources within that domain. 

The plug-in for Edge Server works with the IBM WebSphere Edge Server to provide access 
control. It sits at the edge of an enterprise network where access requests from clients 
outside the firewall are evaluated. 

Edge Server consists of two key components: 

• Caching proxy 

• Network dispatcher 

The plug-in is invoked by the caching proxy component on every request to determine if the 
user is authorized to access the requested resource. The caching proxy subsequently 
enforces the authorization decision returned by the plug-in. Although the network 
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dispatcher component is not required to run the plug-in, it can be used for load balancing 
across replicated servers in high volume environments. 
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WebSphere Workload Management 


•Workload management optimizes the distribution of client 
processing requests. 

•WebSphere Application Server allows you to create a cluster 
of application servers each running identical application code 
-EJB modules 
-Web modules 

•Workload management code distributes requests between 
the servers 

-Deployed EJB client stubs load balance EJB requests 
-Web server plug-in load balances HTTP requests 
•Topologies 

-Vertical scaling - multiple servers on one machine 
-Horizontal scaling - servers distributed across multiple 
machines 


Figure 8-27. WebSphere Workload Management IN234.0 

Notes: 

Workload management optimizes the distribution of client processing requests. Incoming 
work requests are distributed to the application servers, enterprise beans, servlets, and 
other objects that can most effectively process the requests. Workload management also 
provides failover when servers are not available, improving application availability. 

The terminology associated with WebSphere Application Server clustering and workload 
management has changed between versions although the basic functionality is mostly the 
same. 

• In WebSphere Application Server Version 3, machines are grouped into an 
administrative domain which shares a common administrative repository. The 
configuration which defines a resource to be workload managed is called a model and 
this can be duplicated to create a number of clones. 

• In WebSphere Application Server Version 4, machines are grouped into an 
administrative domain which shares a common administrative repository. The 
configuration which defines a server to be workload managed is called a server group 
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and this can be duplicated to create a number of clones. Only application servers can 
be cloned. 

• In WebSphere Application Server Version 5, machines are grouped into a cell which 
has a master configuration located on the deployment manager. The configuration 
which defines a server to be workload managed is called a cluster and this can be 
duplicated to create a number of cluster members. 

The application servers can run EJB modules, Web modules or both. 

Workload management of EJB requests is performed by the deployment code generated 
for the EJB client when it is deployed using development tools, or on application 
installation. 

Workload management of HTTP requests is performed by the WebSphere plug-in in the 
Web server. 

In version 5, a weighted round-robin method is used to distribute requests between 
servers. 

Two common topologies are: 

• Vertical scaling - multiple servers run on one machine. This is sometimes used for very 
powerful servers where a single JVM is not able to fully utilize the CPU due to internal 
limitations. 

• Horizontal scaling - multiple servers run on multiple machines in a network. This 
provides redundancy in case a machine fails and offers virtually unlimited scalability. 
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What can be Workload Managed? 


HTTP 
Requests 




Figure 8-28. What can be Workload Managed? IN234.0 


Notes: 

Three types of requests can be workload managed in WebSphere V5.0. 

HTTP Requests can be shared across multiple HTTP Servers. 

• This requires a TCP/IP sprayer to take the incoming requests and distribute them. 

• There are both hardware and software products available to spray TCP/IP requests. 

• The Load Balancer in the WebSphere Application Server V5 Edge Components 
(formerly the Network Dispatcher in WebSphere Edge Server) is a software product 
which applies intelligent load balancing to HTTP requests. 

Servlet Requests can be shared across multiple Web Containers. 

• The WebSphere Plug-in to the HTTP Server distributes Servlet requests. 

• Web Containers can be configured on the same machine or multiple machines. 

EJB Requests can be shared across multiple EJB Containers. 
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• The Workload Management Plugin to the Object Request Broker (ORB) distributes EJB 
requests. 

• EJB requests can come from Servlets, Java client applications, or other EJBs. 
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Vertical Scaling 


•May provide better performance with multiple processors 



Figure 8-29. Vertical Scaling IN234.0 

Notes: 

Vertical Scaling is defining multiple Clones (Cluster Members in V5) of an Application 
Server on the same physical machine. 

Vertical scaling is appropriate in environments with large, under-used machines. 

A single Application Server runs in a single JVM process, and cannot always fully utilize the 
CPU power of a large machine and drive the load up to 85 - 100%. 

This is particularly true on large multiprocessor machines, because of inherent 
concurrency limitations within a single JVM. 

Vertical Scaling provides a straightforward mechanism to create multiple JVM processes, 
which together can fully utilize all the processing power available. 
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Horizontal Scaling 


•Provides machine failover 



Figure 8-30. Horizontal Scaling IN234.0 

Notes: 

Horizontal Scaling is defining multiple Clones of an application server on multiple physical 
machines, allowing a single WebSphere application to run on several machines while 
presenting a single system image. 

Horizontal scaling is appropriate in environments with smaller, less powerful machines. 

Horizontal scaling can provide both increased throughput and failover. 

If a machine becomes unavailable, its work can be routed to other machines containing 
server Clones. 

With several Clones available to handle requests, it is more likely that failures will not harm 
throughput and reliability. 

With Clones on multiple nodes, an entire machine can fail without any application downtime 
(unless, of course, the failed machine is a single point of failure). 
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Combined Topology 



Figure 8-31. Combined Topology IN234.0 

Notes: 

This example shows both horizontal and vertical scaling of an application server. In 
addition a Load Balancer has been implemented on the front-end to distribute requests 
between two Web servers. The load balancer has a backup system for failover so there is 
no single point of failure in the configuration. 
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Design for Performance 


•Top Ten Considerations 
-Intranet versus Internet 

-Client Time (Application, Connections, Tables, Images) 
-Network - Bigger isn't always better, but it usually helps 
-Load balancing - for Performance and Availability 
-Web server - Caching 
-Application - Architectures 

•CGI versus Fast CGI versus ICAPI versus Servlet 
-Security - Symmetric, Asymmetric 
-Database - Pools of pre-established Connections 
-Fileserver - DFS, AFS 
-Server Scalability Clustering versus SMP 


Figure 8-32. Design for Performance IN234.0 

Notes: 
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Exercise Introduction 



Figure 8-33. Exercise Introduction IN234.0 

Notes: 
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Unit Summary 


•Performance 
•WebSphere Edge Server 
•Security Technology 
•J2EE Security 

•WebSphere Application Server Security 

•IBM SecureWay Directory Server 

•Tivoli Access Manager for e-business 

•WebSphere Application Server Workload Management 


Figure 8-34. Unit Summary IN234.0 

Notes: 
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